Hi everyone,
One more update to this post (27/11/24)
The changes for inactivity went live today on the 27th November.
Specifically for AccountRight, many customers encountered unexpected crashing/freezing of the software after entering their password to sign in again. Work in progress would also be lost due to the crash.
I want to assure everyone that this is not the expected behaviour associated with the inactivity timeout. You can expect the screen to blur and a message pop up. Click sign in again as [user]. Enter your password and you will be back to continue where you were (no loss to work in progress)
As a result of the crashing, we have temporarily disabled the inactivity timeout for AccountRight, you will need to close and re-open AccountRight for this change to take effect.
Thank you for the feedback, examples and information provided on these issues today. We are continuing to investigate before it is enabled again.
I’m updating this post (2:30pm AU 21/11/24), as there have been a lot of comments and engagement in the change.
With over 100 comments on the post, we are starting to get the same questions being asked, and answers being missed so I hope to summarise the change and key questions/feedback here.
The change/s and timeline
- September 30th > MYOB implemented 2FA being required at least once every 24 hours
- Some initial feedback came through about the 2FA prompt caused customers to lose work in progress
- MYOB has implemented a fix based on feedback and 2FA is prompted on the first login each day to avoid loss of work
- November 27th > you'll be asked to sign back in after 20-30 minutes of inactivity (announced November 19th)
- This announcement on inactivity is driving a significant amount of feedback and discussion that I will summarise below
What’s changing:
From Wednesday 27 November 2024, you’ll be asked to sign back in after 20–30 minutes of inactivity. After this time, your screen will become locked and blurred. To continue working, you'll need to sign back in with your username and password. This applies to the following MYOB software: MYOB Business, MYOB AccountRight and AccountRight browser (online files only), MYOB Connected Ledger, MYOB Business Payroll Only and MYOB Practice.
Browser:
Desktop:
What do you need to do?
When you’re presented with the Are you still there? message we recommend that you click Sign in using [existing email] to return to work in progress.
Note* 2FA is not required as part of signing in again and your email will automatically be pre-filled
Will I lose my work when the screen is greyed out?
If you sign back into your account using your existing email, you won’t lose any work in progress and can continue where you left off. However, if you choose to sign in to a different account, your work will not be saved.
If you click Back or Reload, or if you don’t sign back in after 12 hours, you'll also lose work in progress.
How does the inactivity screen work between Browser and Desktop?
When you are logged into both the Browser and Desktop at the same time, each session will operate independently. This means that if you are inactive in the Desktop version, you can remain active in the Browser version. The inactivity timeouts for these sessions are separate from one another.
When signing back in after inactivity, do I have to enter my email, password and do 2FA?
No, your email will be automatically pre-filled when signing back in using your existing email to both the desktop and browser software. Users will be required to enter their password only. 2FA is still a 24-hour requirement and not required for signing back in after an inactivity timeout.
Can I opt out of the new inactivity or 24-hour 2FA security measures?
No, as these are mandatory compliance changes in line with industry best practice, they cannot be disabled
Why am I being asked to login or do 2FA multiple times a day?
Based on scenarios described in the forum + a known issue that MYOB is currently working to resolve, this could be for one of the following reasons.
- Opening multiple instances of AccountRight. This seems to something multiple customers are doing when they have multiple files they work on. Instead of switching between files (no login would be required) they are all opened concurrently and each instance of AccountRight that is opened will require a login
Is this an MYOB decision or required by the ATO? And subsequently, why do New Zealand customers need to adhere to ATO requirements?
- Yes, both the 24 hour 2FA and the inactivity timeout changes are mandated requirements from the ATO. This requirement seeks to minimise the opportunity for unauthorised users to access Taxation, Accounting, Payroll, Business Registry or Superannuation related information. Read more on the ATO website here if interested
- New Zealand customers, although not bound by the same requirements set by the ATO, will share the same security measures as our Australian customers so that MYOB is providing best practice security to all customers.
MYOB has also published help articles that explain the changes and can be found below
