ContributionsMost RecentMost LikesSolutionsRe: Annoying mannual login required every day Hi MezIndustries , this was a bug from our latest version release on AccountRight. We released a patch to fix it yesterday and this shouldnt be happening anymore. I believe if people are opening multiple instances of AccountRight to view multiple files concurrently, then each instance of AccountRight will require login. Outside of this scenario, if switching between files in a single instance of the software, there are no additional login prompts. 2FA is a 24 hour requirement and will be prompted on the first time you access the software for the day Re: Annoying mannual login required every day Hi Jo15 , although it is related to payroll, therules are “anything that can interface with the ATO on BAS or STP” to paraphrase so as all our products have access to the ATO, (whether being used or not) they adhere to the same ruling. I also want to clarify that 2FA is not a requirement for the inactivity timeout. 2FA is requested once every 24 hours, this should occur on your first login to the software each day Then if/when a customer is signed out due to the 20-30minutes of inactivity, the users email will be prefilled and they will only need to enter their password to access the software again. Re: Enhanced security measures are live - Update 20/11/24 Good morning perkyone , sorry for not replying sooner. This idea of an audible alert is one that MYOB is considering. I cant confirm whether this will be developed or implemented yet but it is definitely documented on our end Re: Having to Authenticate everytime I log in. Good morning Deb14 Thanks for the post, its great to see you back on the forum! This was a bug/regression that came from our recent 2024.10 release of AccountRight I'm pleased to confirm that we released a patch to fix this last night though and it shouldn't happen anymore Cheers, Mike! Re: Enhanced security measures are live - Update 20/11 *Edit 21/11/24 Hi Gnickrapon, that sounds like the known bug that recently came about with the 2024.10 release for AccountRight. The good news is that we have released a patch to fix this today and repeated 2FA should not occur for you anymore Enhanced security measures are live - Update 20/11 *Edit 21/11/24 Hi everyone, I’m updating this post (2:30pm AU 21/11/24), as there have been a lot of comments and engagement in the change. With over 100 comments on the post, we are starting to get the same questions being asked, and answers being missed so I hope to summarise the change and key questions/feedback here. The change/s and timeline September 30 th > MYOB implemented 2FA being required at least once every 24 hours Some initial feedback came through about the 2FA prompt caused customers to lose work in progress MYOB has implemented a fix based on feedback and 2FA is prompted on thefirst login each day to avoid loss of work November 27 th > MYOB will be implementing a signout based on 20-30 minutes of inactivity (announced November 19 th ) This announcement on inactivity is driving a significant amount of feedback and discussion that I will summarise below What’s changing: FromWednesday 27 November 2024, users will be automatically signed out after 20-30 minutes of inactivity in MYOB products including:MYOB Business, MYOB AccountRight and AccountRight browser (online files only), MYOB Connected Ledger, MYOB Business Payroll Only and MYOB Practice. After this time, the screen will become locked and blurred. To continue working, users will need to sign back in with their username and password. Browser: Desktop: What do you need to do? When you’re presented with theAre you still there?message we recommend that you clickSign in using [existing email]to return to work in progress. Note* 2FA is not required as part of signing in again and your email will automatically be pre-filled Will I lose my work when I’m signed out? If you sign back into your account using your existing email, you won’t lose any work in progress and can continue where you left off. However, if you choose to sign in to a different account, your work will not be saved. If you clickBackorReload, or if you don’t sign back in after 12 hours, you'll also lose work in progress. How does the inactivity sign-out work between Browser and Desktop? When you are logged into both the Browser and Desktop at the same time, each session will operate independently. This means that if you are inactive in the Desktop version, you can remain active in the Browser version. The inactivity timeouts for these sessions are separate from one another. When signing back in after inactivity, do I have to enter my email, password and do 2FA? No, your email will be automatically pre-filled when signing back in using your existing email to both the desktop and browser software. Users will be required to enter their password only. 2FA is still a 24-hour requirement and not required for signing back in after an inactivity timeout. Can I opt out of the new inactivity or 24-hour 2FA security measures? No, as these are mandatory compliance changes in line with industry best practice, they cannot be disabled Why am I being asked to login or do 2FA multiple times a day? Based on scenarios described in the forum + a known issue that MYOB is currently working to resolve, this could be for one of the following reasons. Closing AccountRight using the ‘x’ is currently causing 2FA to be prompted when re-opening the software even if it is less than 24 hours. This was recently discovered as a bug/regression with the last AccountRight 2024.10 release and the team are releasing a fix to this asap. Opening multiple instances of AccountRight. This seems to something multiple customers are doing when they have multiple files they work on. Instead of switching between files (no login would be required) they are all opened concurrently and each instance of AccountRight that is opened will require a login Is this an MYOB decision or required by the ATO? And subsequently, why do New Zealand customers need to adhere to ATO requirements? Yes, both the 24 hour 2FA and the inactivity timeout changes are mandated requirements from the ATO. This requirement seeks to minimise the opportunity for unauthorised users to access Taxation, Accounting, Payroll, Business Registry or Superannuation related information. Read more on the ATO website here if interested New Zealand customers, although not bound by the same requirements set by the ATO, will share the same security measures as our Australian customers so that MYOB is providing best practice security to all customers. MYOB has also published help articles that explain the changes and can be found below For Australian customershere For New Zealand customershere Re: Enhanced security measures are live - Update 20/11/24 The ATO forum - thread and reply linked below for transparency https://community.ato.gov.au/s/question/a0JRF000002YnjV2AS/p00346666 However this is a disappointing reply from the ATO, we have clearly been able to provide documentation on the ATOs own website/guidelines (below) that show and confirm this is an ATO mandatory requirement. https://softwaredevelopers.ato.gov.au/operational_framework/further-guidance-requirements Re: Enhanced security measures are live - Update 20/11/24 Hi again JasonFisher - thanks for adding your feedback here. I just want to confirm a couple of points from your post above. After an inactivity timeout, the email is remembered, so you will only need to enter your password, not both. With regards to shutting down conversations (there are no overlords, it is just myself and Amanda for the most part) and you can see in this thread alone there are more than 100 comments. I have taken no steps to block or shut down feedback from customers, but your original request made in the ideas exchangewas closed because we know that this is a mandatory change and the ability to 'opt out' is not something we can provide Re: Enhanced security measures are live - Update 20/11/24 Hi PeterEPNZ , definitely a lot of comments, dont blame you there! Im going to update the main post to be more of a Q&A type post based on all of this feedback soon With regards to work in progress, you must sign back as the same email/user to return to work in progress. See below from the help article: If you’re presented with the Are you still there?message, clickSign in using [existing email]to return to what you were working on in AccountRight. For example, if you were in the middle to entering an invoice in theSaleswindow when you were signed out, you'll be returned to theSaleswindow when you sign back in with your email address, able to continue where you left off. If you choose to sign back in with a different MYOB account, clickLog in as a different userand sign in with that account. Any work in progress will be lost. If you clickExitor,when using AccountRight browser,BackorReload, or if you don’t sign back in after 12 hours, you'll also lose work in progress. Re: Enhanced security measures are live - Update 20/11/24 Hi LAP-BP , unfortunately, if it is compulsory, then giving customers the ability to disable it would allow for people to not adhere to something that is compulsory. I also want to confirm that for the inactivity timeout, the email will be remembered and does not have to be re-typed.