Better account security with two-factor authentication

StevenR
92 Posts
Former Staff
Former Staff

92Posts

0Kudos

2Solutions

Two-factor authentication is an easy, practical way to increase security for you and your online data. Here’s how it works and what it means for your business.

 

What is two-factor authentication?

 

Two-factor authentication (2FA) is a secure sign in process that combines something you know (your password) with something you have (your mobile phone) to ensure that you - and only you - can access your account.

Check out this short video for an overview of MYOB’s two-factor authentication.

[video]

Why do I need 2FA?

 

Usernames and passwords can be stolen by phishing scams or other online security breaches. Securing your account with just your login details may not be enough to protect the sensitive, valuable information in your AccountRight business.

But why risk it? With 2FA enabled, your entire login process is only seconds longer - but exceptionally more secure.

Sounds great! How can I get 2FA on my account?

 

When 2FA becomes available for your account, you’ll be prompted to set it up when you next sign in. If you missed the prompt, don't worry! You can turn on 2FA from the Security Centre at any time. Click here to access your Security Centre.

 

getstarted.png

 

Haven’t been prompted for 2FA yet, and don't see the 2FA option in your Security Centre?

We're rolling out 2FA to every MYOB account over the next few weeks. Want to jump the queue? Fill out this form to get set up sooner.

 

Where can I find more information?

 

For more information on what this means to your business or accounting practice, start by reading more about MYOB’s 2FA in this post on The pulse blog: The cheat’s guide to two-factor authentication

For more information about turning on, signing into, or managing your 2FA, check out the two-factor authentication online help.

45 Comments
julie-blacker
Trusted Cover User
42 Posts
Trusted Cover User

Hi @StevenR   What happens when you are a real estate office and the bookkeeper needs access to the computer and the agent is away or out of range when you go to log in is there a way for the 2 factor to be emailed instead as the phone number is not always available.

StevenR
92 Posts
Former Staff

Hi @julie-blacker, you're right, that's a common scenario for many businesses. We're actually working on email verification right now, and it'll be available as a 2FA option soon.

 

You might like to take a look at the updated chart on our Setting up two-factor authentication page, which has examples of when email or app verification is the best 2FA method to use.

ccall48
Experienced Partner
33 Posts
Experienced Partner

How about the option of just not using it?

 

The whole concept is noble but having already turned if off everything I already use because in reality it is a PITA.

 

I'm also not very fond of uncle google and no longer use any of there services because I personally just dont trust them or want anything to do with them and the idea of an email... really...

 

I just want to be able to login with my username and password and I want my accountant and book keeper to do the same when needed.

 

I do not want 2FA nor am I interested in 2FA.

Tired0000
2 Posts
Cover User

I agree this 2FA is not what Im paying for either.  Its midnight Saturday monring and 2FA is giving me grief stopping me access MY account that I pay service for, yet theres noone around to help.   Im not a happy chappy!! 

Jake_N
MYOB Moderator
1,419 Posts
MYOB Moderator

Hi @ccall48

Currently, it is optional to turn on/off the 2FA authentication but soon it will be mandatory by the ATO to meet new industry standards. Currently, the ATO website is getting maintenance done so I don't have a link, however, I do have the help page that will be updated when it becomes mandatory. Two-factor authentication for accountants and bookkeepers and 2FA authentication.

 

This recommendation for getting your account secure with 2FA is being promoted by most major companies that have an online cloud presence like MYOB, Xero, and Intuit QBO, etc. 

Jake_N
MYOB Moderator
1,419 Posts
MYOB Moderator

Hi @Tired0000

 

Can I please confirm the problem that you are having with your 2FA login? The pages I have linked above may provide a solution to your problem. If they do not feel free to let us know in a post by clicking the "Start a Post" button at the top-right of the screen.

Tired0000
2 Posts
Cover User

Hi @jaken

Yes Ive been and read all that information and it takes me in a big circle.  I dont have the authentication code, nor the back up codes and I cant login without them .  The only option is to call your 0508 number and Ive been doing that yesterday without talking to anyone.  I spend over 30 mins on hold though.  Today as I write this I am on hold again.  its been 9 minutes 28 seconds so far!!!  

What gives on the customer service thing eh? Not good.  Im going to be seeking a credit from you.

 

Neil_M
13,473 Posts
Former Staff

Hi @Tired0000

 

Looking at your account, I see you were able to get through to our team, and judging by the notes on the account they were able to assist you with resolving this issue around two factor authentication on your login.

 

Please don’t hesitate to let us know any time you have a question as the MYOB Community is happy to assist

SammieS
Partner
2 Posts
Partner

Can't log in: two factor authentication code not accepted

  • You've entered the wrong verification code, it has expired, or it has already been used.

I can't tell you how much time I have wasted trying to log in with the 2FA Authentication over the last few weeks.  I have been using it for a while now and it has been slowing getting worse over the last 3 weeks.  I have now wasted an hour trying to log in this morning with no success and with no one to call for help....

AlanT
Partner
2,368 Posts
Partner

Hi @SammieS

 

Try this...

 

On the sithenticator app, go to the menu bar in the top right hand corner and select Settings. Then Time correction for codes.  Frpm here select the Sync now option.

 

This worked for me.

 

Regards

 

AlanT

 

 

SammieS
Partner
2 Posts
Partner

Thanks Alan that worked.

 

Really appreciate your help

 

Sam

nzuser
Experienced Cover User
52 Posts
Experienced Cover User

Does this mean, that we will need to download an app and have to do 2fa every time we log in to AccountRight? This is ridiculous.

John_W
MYOB Staff
70 Posts
MYOB Staff

Hi @nzuser,

 

If you select "Trust this device for 30 days" on the authentication window, you don’t need to type a code every time you log in.  After 30 days, or if you log in from a different device (say your home computer), you'll need to authenticate again. 

doublet
Trusted Cover User
120 Posts
Trusted Cover User

@John_Wnot really - I have been daily saying "trust this device for 30 days", refreshed my browser and flushed my cache numerous times and still have to do the authentication stuff daily. It used to work (not having to authenticate on a daily basis) but hasn't for a couple of months now.

John_W
MYOB Staff
70 Posts
MYOB Staff

@doublet Thanks for sharing. It's obviously not the inteded behaviour, nor is it an issue I'm aware of. So I ran it by a specialist to shed some light and was told we're still investigating some cases where this option isn't working. I know it offers little relief to your inconvenience, but the team are very keen to get to the bottom of this. 

Miriam_OConnor
Experienced Cover User
65 Posts
Experienced Cover User

I have exactly the same problem as @doublet and it is SO ANNOYING! I am being prompted every single day now for 2FA (at first it worked for the 30 days but not now). The other gripe I have about passwords is that even though I log in to my.myob I still have to enter the password for the community  or to go into online files, or bank feeds etc. Ideally I would like to enter my my.dot password just once a day and have that give me access to all my online files, dashboard, AO software, resources etc. (I understand that client AR files may also require a separate password of course.) It just seems like I am entering passwords mulitple times a day on the same computer and it interrupts my thought process!!

Haydes
MYOB Product Team
6,317 Posts
MYOB Product Team

Hi @Miriam_OConnor

 

I recommend having a look at our support note: Trust this device for 30 days

 

We have compiled a list of things to look into if you are being prompted for 2FA each time you sign in. Please let us know if this helps.

 

In terms of being asked for multiple passwords for each sign in event. This would be a separate trouble to 2FA, to look into this please feel free to Start a new Post on the MYOB Partner Zone or AccountRight Getting Started boards and we can look into this.

KatrinaF
Trusted Cover User
89 Posts
Trusted Cover User

Hi @doublet and @Miriam_OConnor,

 

I am in a couple of threads about this issue.  Check out this one for some possible fixes and the latest update Smiley Happy

 

https://community.myob.com/t5/AccountRight-Installing-and/2FA-AccountRight-desktop-keeps-asking-for-...

 

Katrina

arjay
Experienced Cover User
26 Posts
Experienced Cover User

why can you log into a bank app with a 4 digit code, but need 2fa for MYOB.

The 30 day thingo doesn't work, and the advantage of cloud computing is being negated by 2fa.

I struggle to understand why you need 2fa if you can theoreticly keep it for 30 days with pout 2fa

Jeffishar1
4 Posts
Former Staff

Hi @arjay

 

I believe when you say 'Banking app' you actually mean the mobile device banking app.

 

4 digit is no different than your password. We all use 4 digits to unlock our devices. 4 digits is what you know (same as password) where as 2FA (authenticator app 2FA) is what you have. So even if someone got your password (what you know), technically unless the hackers have your phone (and your 4 digits to unlock your phone ) they should not be able to login to your myob product.

 

Mobile apps assume the person who unlocks the phone is the owner so they allow you to use 4 digits or biometric access. This is a different trusted model but with web products we cannot trust anyone unless you choose to (Trust this device for 30 days).

 

Good news !!! We have fixed the remeber me for 30 days issue. So please try again and let us know how you go.

 

Thank you

Jeff

John_W
MYOB Staff
70 Posts
MYOB Staff

Hi @doublet and @Miriam_OConnor,

 

We released a fix last night for the "Trust this device for 30 days" option. Can you give it a try and tell us if it now works for you?

Koriandr
4 Posts
Cover User

As it sounds like it's a requested compulsory feature from ATO I guess there's not an easy way to go about it. But we are definitely not enjoying the 2FA. We are a retail shop front using MYOB and as we have only one common work email address, therefore we have staff using personal email addresses for sign in. This means having to open their personal email accounts online everytime to get the verification number (retail shop so no access to personal phones). Also even having ticked trust this device for 30 days, when ever MYOB crashes during the day, it is requiring the verification code again. Just finding it really inconvenient, slow and frustrating having to open Chrome to open personal webmail sites to get a number, especially when you have a customer standing at the counter! Also for the boss who does not have access to the emails at home it would be good to be able to tick both email and app options so she can work from home. Looking forward to it getting easier somehow but no helpful suggestions unfortunately..

doublet
Trusted Cover User
120 Posts
Trusted Cover User

thanks @John_W. I have logged in today - tomorrow will be the test Smiley Happy I shall report back.

 

Another question - how do I prevent the video above from running every single time I go into this thread?

 

cheers

Teresa

Jeffishar1
4 Posts
Former Staff

Hi @Koriandr

 

Sorry for the inconvenience but as per @John_W post above, we are delighted to inform that we have fixed the known issue with "Remember me for 30 days" functionality. Please try again and let us know if you have any other issues.

 

Thank you

Jeff

arjay
Experienced Cover User
26 Posts
Experienced Cover User

Jeff,

Still having trouble with 2fa.

We need to be able to disable until it is stable with the remember for 30 days checked.

regards,

Rick

arjay
Experienced Cover User
26 Posts
Experienced Cover User

Jeff

I note that you supposedly have fixed the known issues, now you need to fix the unknown issues.

I am still having trouble with the remember 30 days - it doesn't remember for ten minutes.

It is really frustrating when the system used to be easy to use - now have to fluff around and find another number to add.

I still find it intriging that you can have it automatic for 30 days - so why have it at all. Maybe have it 12 monthly, or just once.

It would be great to fix other issues - like when gst is greater than 10%, or adding multiple invoices in the in tray being able to be separated - instead of fluffing around with 2fa

regards,

Rick

Haydes
MYOB Product Team
6,317 Posts
MYOB Product Team

Hi @arjay

 

I have been sure to pass on the details to the team here to get in contact with you to look into the 2FA problems you're facing.

 

If you have any preferred contact method, please do feel free to send me a Private Message with your contact details and I can pass these on.

 

You can send me a Private Message by hovering your mouse over my Avatar and clicking Send Message on the popup.

ccall48
Experienced Partner
33 Posts
Experienced Partner

Glad I’ve held off on the 2FA, I’ve cancelled it with every provider I have used it with so far because of issues or annoyance factor.

 

Ricks right about other issues for example every windows machine I’ve ran AccountRight live on (3 desktops 1 win7 1 2 x win10 and 3 laptops 1 win7 2 win10) it always crashes when you try to log off and work offline so no internet no myob <- this would be more beneficial to subscribers than 2FA.

 

 

Miriam_OConnor
Experienced Cover User
65 Posts
Experienced Cover User

OK, I was not asked for 2FA today so I am tentatively optimistic Smiley Happy

Koriandr
4 Posts
Cover User

Have logged in this morning after ticking trust this device yesterday, still asking for verification number :-(

doublet
Trusted Cover User
120 Posts
Trusted Cover User

(I really hate that the video at the top of this thread always runs every time I visit or refresh this page! Is there a way of turning that feature off?)

 

Anyway, I wanted to report that I had success - this morning for the first time in ages, I did NOT get asked to do the 2FA stuff again, yay.

Cathy_C
2 Posts
Cover User

Hi,

I have setup 2fa for my work and downloaded the Authenticator App on my personal phone. I now need to setup 2fa  for my own business. The current app is only compatible with my work MYOB, how do I access the app on the same phone for my own business MYOB?

 

Thanks.

Jeffishar1
4 Posts
Former Staff

Hi @Cathy_C

 

1 Authenticator app can be used for multiple accounts. So, please follow these steps:

 

  1. Login into your myob product.
  2. When prompted for 2FA setup choose authentitor app setup. After further clicks away when it prompts you for authenticator app download, simply click through ( you don't need to download the app again).
  3. When you get a barcode to scan, then open your personal phone authenticator app, choose to add a new entry and scan the barcode.
  4. A new entry will appear on your phone app with your myob email address. 2Fa code will be generated every 30 seconds.
  5. Use that newly added entry code into the field below the barcode and complete your setup.


It is that simple Smiley Happy.

 

Hope it helps

 

Thank you

Jeff

dcfnt
Contributing Cover User
9 Posts
Contributing Cover User

Hi

I've set up 2FA, however, at the time, I didn't download the backup codes. Now my.myob doesn't recognise my account deets, so I am wondering how I can go about retrieving the backup codes?
Regards

Haydes
MYOB Product Team
6,317 Posts
MYOB Product Team

Hi @dcfnt

 

If you don't have access to your 2FA device and don't have the backup codes either, we can recover your account allowing you to re-set up 2FA and have an opportunity to download the backup codes.

 

I have sent the Account Recovery email to you. Once you receive it, simply follow this support note: Recovering your account

 

If you have any troubles along the way, feel free to send me a Private Message and I can look into this for you. You can send me a Private Message by clicking on my name and clicking Send Message on the next page.

dcfnt
Contributing Cover User
9 Posts
Contributing Cover User

Hi Hayden I have logged in there, but none of the options suit - I have access to the 2FA-enabled device, i just want to retrieve the backup codes in case of future needs. Which option should I choose to be able to do that?

dcfnt
Contributing Cover User
9 Posts
Contributing Cover User

To be clear, when I try to log in to my.myob, I get the error message "The login details provided do not have access to my.MYOB; please try again or call our MYOB Customer Service Team. " Now, I can do that, but i've seen plenty of complaints on this board of how long one waits on the line to get through to customer service, so I thought it was worth asking here. I am using the same login info as I used to log into the community boards this morning...

Haydes
MYOB Product Team
6,317 Posts
MYOB Product Team

Hi @dcfnt

 

Thank you for clarifying, in which case the Backup Codes can be downloaded in the Security Centre: https://my.account.myob.com

 

Here is a helpful support note that can show you what can be done in the Security Centre: Using the Security Centre

 

As for that error, that can occur when the details on our end have not enabled your user to access my.MYOB. From checking the account attached to your email address, I was able to set this up. If you sign out of my.MYOB and wait up to 10 minutes from this post you should be able to open my.MYOB. However this does not contain your backup codes.

 

Let me know if you continue to have any troubles.

dcfnt
Contributing Cover User
9 Posts
Contributing Cover User

Thank you, got them.

cat
Contributing Cover User
8 Posts
Contributing Cover User

For a two person, very small business, I find these extra layers of authentication a real pain in the arse and a waste of time. It's bad enough that I can only opt to be logged in for 12 hours, and it's not like your program doesn't have enough glitches as it is.

arjay
Experienced Cover User
26 Posts
Experienced Cover User

 Cat

I hear what you are saying.

I am still having issues with 2fa - now when logging in on one account,  after putting in the code it boots back to the login screen.

Must be getting old and grumpy - but frustrating when it was so easy before, and no perceived benefit.

Steven_M
45,180 Posts
Former Staff

Hi @cat, thank you for your feedback.


Two-factor authentication is a mandatory requirement introduced by the ATO for DSPs (Digital Service Providers) - this post explains more about this mandatory requirement. Plus it also adds additional security to your company file and financial records.

 

@arjay I would recommend taking a look at Get help signing in with two-factor authentication, in particular, the Troubleshooting section.

arjay
Experienced Cover User
26 Posts
Experienced Cover User

Steven,

Thanks for that - but find it frustrating that a system worked fine - being able to login on several different devices to work on MYOB - and 2FA is brought into existence and there is issues.

I can login in after putting in 2FA details - and it goes back to the login page - so I have to enter MYOB again - don't need 2FA the second time.

Having 2 entities with 2 email details means when I switch entity I need 2FA each time - even when I have remember for 30 days.

If I forget my phone when I need to login with 2FA - this is a pain. All very well having a backup - but it may not be on the computer that I am using.

I use a computer at home, work and tablet and mobile phone. 

Maybe I am different to normal users - but it used to work fine before 2FA.

The question is - if we can remember for 30 days - why have it at all? - or make it remember for each login on each computer.

 

I must be getting old and grumpy.

 

regards,

Rick

Steven_M
45,180 Posts
Former Staff

Hi @arjay

 

Thank you for your additional feedback, I've shared it with the team.

 

As has been mentioned, two-factor authentication is now a mandatory requirement.

 

In your post, you mentioned about losing your two-factor device, in these situations you should be utilising one of your backup codes available. Ideally, these should be stored in a safe location but you are more than welcome to split them up. For example, have a code (or series of codes) stored at home, at the office... to access should you need to. 

arjay
Experienced Cover User
26 Posts
Experienced Cover User

Steven,

Thanks for that.

I understand that 2FA is mandated - it would be great if it worked seemlessly in the background. 

 

I will have to print out the back up codes and carry with me in future so I don't get caught out.

 

Regards 

Rick