Forum Discussion
Hi JillL1,
Thank you for your response.
The scenario where the application closes after a backup, creating additional steps to reopen and logout, is definitely not ideal. There are multiple possible solutions that can be considered for both simplifying the logout process and this scenario with backups. Our developers are definitely looking into this, but we are unable to provide an ETA on when a solution will be released. Release notes are regularly published on our support pages, but we will absolutely post an update on this thread when more information is available.
Feel free to reach out if there's anything else I can assist you with.
Cheers,
Princess
At the very real risk of wasting my time and effort -
Could you direct me to where in the release notes it talks about the 2FA - or warns users about the lack of security please? As a user the communication from MYOB has been dismal on this. The advice from MYOB has been conflicting and unclear, it is no wonder that the developers are no closer to a solution when MYOB don't appear to have any grip on how big a security concern this is for users. In a world where logging into any site has become more and more secure to have an accounting package with such a gaping hole in its security is simply unbelievable. Are you serious about fixing this or do we need to take our loyalty elsewhere? Are you waiting for a media storm on a widespread MYOB breach of security?
How exactly do we take this complaint further up the chain? I've tried your complaints process and that is the same "we hope this addresses your concerns in full" or "please feel free to reach out if anything else I can help with". We, the users, those who make MYOB viable ARE BEGGING for help on this issue. This is the security of our accounting records and MYOB are not prioritising the solution - WHY??
As per your Customer Resolutions advice - 2FA is an ATO requirement. Can you please demonstrate how you are compliant with that? If MYOB are unwilling to give users a timely resolution, should we be lodging a complaint with the ATO?
- Lmcstack 3 months ago Experienced User
This 2FA has been an ongoing issue and MYOB do not seem to comprehend the truly concerning impact to security the changes they have made.
You state in response above that:
"our recommendation for now is to ensure that all users log out of the software when they are finished."
So to clarify "logging out of the system" requires you to select the menu option Services>sign out of accountright live.
ANY other way of exiting the file such as:
- File>close
- Selecting "X"
- If the system crashes/freezes automatically shuts down
does not require the user to re-enter a password. The MYOB system actually allows you to relaunch the program and it will automatically open the data file under the previous users login.
I can't tell you how dangerous this is and how UNSECURE this protocol is.
Let me give you an example:
We have a staff member on leave at the moment, so we have two staff members using a specific PC who each have different logins and security profiles. If one staff member simply closes the file (as we have always done) by either selecting "X" or File>Close, anyone who has access to the PC can simply launch the program and open the MYOB data file WITHOUT REQUIRING A PASSWORD.
We have also had an instance where the wrong email address was entered and returned an error message. The user closed the program and the data file opened WITHOUT REQUIRING A PASSWORD.
I know for a fact that Qbooks/Intuit and XERO both require 2FA EVERY TIME you close the file by ANY METHOD either X or File Close. It will also time you out of the file requiring a password to re-enter.
Please explain how MYOB believe that introducing a distinct and separate process for exiting a data file and removing the necessity for a password authentication when a file is closed is in any way acceptable security for confidential Accounting data?
- Antoon 3 months ago Experienced User
It's pretty obvious the software development is outsourced and Myob staff are unqualified to resolve issues as they arise! They are raking in our money every month and not providing any meaningful service. My bookkeeper has greater problems with Myob. I fear QBO and Xero are probably no better...
- MikeG13 months agoMYOB Moderator
Hi Jill,
The mention of release notes is a way to stay informed of any future changes we make to our software, including security. As no changes have been made on this yet, there is nothing to share with you.
The security rules around when you will be prompted to enter your email and password, as well as when you will be prompted for 2FA are not the same for all customers depending on how they access their software, what location they access their software, how often they access their software, whether they have multiple staff using a single PC or not (and whether they each have a unique sign on to the PC).
In most cases, the presumed 'gap' in security would come from persons having unprotected access to a PC, rather than to the MYOB software itself. As such, if this is the case, then our recommendation for now is to ensure that all users log out of the software when they are finished.
Logging out of the software will ensure that when it is next opened, the email and password will be requested from the next user.
As Princess has mentioned, we are definitely developing updates to our security based on feedback from our customers but we are unable to provide an ETA on when this change will be released at the moment.
I have also asked Tiff to get back in touch with you for anything further.
Regards, Mike
- JillL1 3 months ago Experienced User
I'm almost speechless...
Just to clarify. EVERY other programme we use that requires 2FA, requires it without variation. No exceptions. No workarounds. No awkward, non-standard way of logging out. No need to instigate levels of security OUTSIDE of the program just to get some basic security happening. Most, if not all, automatically log you out after a short period of inactivity. They just work as they are intended to. This one does not.