MYOB logon no longer requires 2FA

Hi All

I answer, now, my own post after MYOB have finally replied to my concerns in private replies.

My concerns were that the changes MYOB have made to the security of logging on to online files has changed - and these changes has actually DECREASED THE SECURITY of this process.

This forum echoed with the cries of users screams - "WHAT HAVE YOU DONE MYOB - the security is decreased" - and no real answers came forth from MYOB explaining the changes.

In essence - the changes that we all noticed

1. 2FA authentication requirement disappeared - and we were only required to enter our user name and password

2. that the username (typically the user's email) was no longer stored and remembered and had to be entered everytime ( this in itself I have no problem with and is actually an increase in security protocol - and does add a small level of secuirty)

However, the biggee was that 2FA disappeared.

MYOB never actually explained the changes ( to my knowledge)  and let us comment - the users.

As it turns out - in my private email from MYOB - which was polite, respectful and answered my queries quickly - finally) 

That the 2FA authentication does appear - however, only when you goto 

the 'SERVICES' tab and select 'Sign out from AccountRight Live' !!!! - and this appears to be correct! - end of STORY

NO!!!!!!

My reply - which MYOB acknowledged was correct - was that MYOB's improved security actually was a deprecation of secuity and LEFT our online files open to access with only a user name and password - i.e. the 2FA requirement had by default been cancelled/removed - or negated!

Why.......

Typically, and for years if your MYOB online file was left open, or you closed it by just clicking the cross top right or you selected in the tab FILE - EXIT ( which I do, as do all my staff)  - then accessing the same MYOB file within 12 hours ( if you ticked the 12 hr click box to not ask for credentials - BUT NOT THE 30D - we just don't use that - and forbid staff to do)  - then within the day you could click back onto the file and open  without 2FA/username/password.

If these parameters expired - which they did within 24 hours - next time you logged on you entered your password ( because your email was pre-entered) and you were asked for your 2FA - this secuirty was good, adequate and appropriate.

Suddenly it all changed - carryout these procedures AFTER MYOB updated their security - and BY DEFAULT - using EXIT/ click the X or time out - and by DEFAULT 

MYOB on line allows you back into any file, any client's file - with just the username and password

In my realm - a deprecation of secuirty procedures - a decrease of secuirty and yet we do not get told of this.

EXCEPT when everyone screams we just get told 

"YOU NEED TO NOW!!!!!! - SELECT LOG OUT OF ONLINE SERVICES" - !!!!!

OK then MYOB - if weese dumb users continue to select "EXIT"; or "X" or just leave it open to time out - PUT A DEFAULT reset in there that automatically logs us out of ONLINE SERVICES!!!!!

MYOB this really is a stuff up and a deprecation of security which needs notification to the appropriate agency.

Please FIX this and create a default that logs us out of on line services either in 24 hours - 7 days or 30D - if that user is using the same IP and the same computer.

THE DOC