Enhanced security measures are live - Update 20/11 *Edit 21/11/24
Hi everyone, I’m updating this post (2:30pm AU 21/11/24), as there have been a lot of comments and engagement in the change. With over 100 comments on the post, we are starting to get the same questions being asked, and answers being missed so I hope to summarise the change and key questions/feedback here. The change/s and timeline September 30 th > MYOB implemented 2FA being required at least once every 24 hours Some initial feedback came through about the 2FA prompt caused customers to lose work in progress MYOB has implemented a fix based on feedback and 2FA is prompted on thefirst login each day to avoid loss of work November 27 th > MYOB will be implementing a signout based on 20-30 minutes of inactivity (announced November 19 th ) This announcement on inactivity is driving a significant amount of feedback and discussion that I will summarise below What’s changing: FromWednesday 27 November 2024, users will be automatically signed out after 20-30 minutes of inactivity in MYOB products including:MYOB Business, MYOB AccountRight and AccountRight browser (online files only), MYOB Connected Ledger, MYOB Business Payroll Only and MYOB Practice. After this time, the screen will become locked and blurred. To continue working, users will need to sign back in with their username and password. Browser: Desktop: What do you need to do? When you’re presented with theAre you still there?message we recommend that you clickSign in using [existing email]to return to work in progress. Note* 2FA is not required as part of signing in again and your email will automatically be pre-filled Will I lose my work when I’m signed out? If you sign back into your account using your existing email, you won’t lose any work in progress and can continue where you left off. However, if you choose to sign in to a different account, your work will not be saved. If you clickBackorReload, or if you don’t sign back in after 12 hours, you'll also lose work in progress. How does the inactivity sign-out work between Browser and Desktop? When you are logged into both the Browser and Desktop at the same time, each session will operate independently. This means that if you are inactive in the Desktop version, you can remain active in the Browser version. The inactivity timeouts for these sessions are separate from one another. When signing back in after inactivity, do I have to enter my email, password and do 2FA? No, your email will be automatically pre-filled when signing back in using your existing email to both the desktop and browser software. Users will be required to enter their password only. 2FA is still a 24-hour requirement and not required for signing back in after an inactivity timeout. Can I opt out of the new inactivity or 24-hour 2FA security measures? No, as these are mandatory compliance changes in line with industry best practice, they cannot be disabled Why am I being asked to login or do 2FA multiple times a day? Based on scenarios described in the forum + a known issue that MYOB is currently working to resolve, this could be for one of the following reasons. Closing AccountRight using the ‘x’ is currently causing 2FA to be prompted when re-opening the software even if it is less than 24 hours. This was recently discovered as a bug/regression with the last AccountRight 2024.10 release and the team are releasing a fix to this asap. Opening multiple instances of AccountRight. This seems to something multiple customers are doing when they have multiple files they work on. Instead of switching between files (no login would be required) they are all opened concurrently and each instance of AccountRight that is opened will require a login Is this an MYOB decision or required by the ATO? And subsequently, why do New Zealand customers need to adhere to ATO requirements? Yes, both the 24 hour 2FA and the inactivity timeout changes are mandated requirements from the ATO. This requirement seeks to minimise the opportunity for unauthorised users to access Taxation, Accounting, Payroll, Business Registry or Superannuation related information. Read more on the ATO website here if interested New Zealand customers, although not bound by the same requirements set by the ATO, will share the same security measures as our Australian customers so that MYOB is providing best practice security to all customers. MYOB has also published help articles that explain the changes and can be found below For Australian customershere For New Zealand customershere
Improvements to updating employee pay details
Hi all, we've recently released a message in AccountRight and MYOB Business to prompt you to either keep an employee’s current Standard Pay hours or revert them to the default hours per pay frequency when the pay rate or frequency is changed in the Payroll Details>Wagestab. This is for Australia only and will keep customers aware of how changes in wages affect Standard Pay and give greater control when updating hourly employees. You can find out more for browser at point 6 here: https://www.myob.com/au/support/myob-business/payroll/changing-an-employees-salary-or-hourly-rate?productview=Browser and desktop at point 8 here: https://www.myob.com/au/support/myob-business/payroll/changing-an-employees-salary-or-hourly-rate?productview=Desktop
