Blog Post

MYOB Announcements
2 MIN READ

Enhanced security measures are live 30/09/24

MikeG1's avatar
MikeG1
Admin
2 months ago

Hello community

Our support teams have seen an increase in calls related to 2FA since this update went live yesterday.
This is somewhat expected, because 2FA is now being requested more often, but it is preventable by setting up a secondary authentication method
That way, if for example you recently got a new phone, you would still be able to authenticate using your secondary method to access your software and also access My Account to update your 2FA to the new device.

The change

We have rolled out an enhanced security measure designed to provide additional protection and help prevent unauthorised access. 


Here’s what you need to know.   

 

What changed? 

From 30 September, login and two-factor authentication (2FA) will be required at least once every 24 hours for the following products:  

  • MYOB Business  
  • MYOB AccountRight (browser and desktop*)
    *Online files only 
     
  • MYOB Connected Ledger  
  • MYOB Practice  

Learn more here


Please note:
2FA will be required to login to your account, and is not required for each file (if you have multiple files) 


How to prepare
 

Set up multiple 2FA methods to receive your verification codes, such as an authentication app or SMS. This will help you to avoid sign-in hassles that can occur if you can't access your codes via your usual 2FA method.  

   

Don’t forget, individuals must have their own login, and 2FA, to access our software. This means, no sharing of login details between team members. This includes you, your team members and your clients. 

Set up now

 

Read more here in this community forum post about setting up additional two-factor authentication methods.

Cheers, MYOB!

Updated 2 months ago
Version 2.0
  • Why does MYOB have more security measures than online banking?

     

    If someone had the ability to hack into my user profile online, will they be intent on altering my general ledger or GST return?

     

    Or do you think they will break into the office overnight? Bypass the alarm and physical door locks, crack my computer password and sign in to MYOB. If they've got that far, the 2FA will be emailed to the same computer and they will easily have the same access to MYOB as I do!   

     

     

     

     

  • The MYOB minders have gone bonkers with these latest changes.  It has nothing to do with real security but just MYOB covering their backsides in case someone has a breach.
    Even this forum now needs to have 2FA access - are MYOB frightened their competitors will see the negative comments??  Like most others who comment on this topic, give users the ability to structure their security the way they wish!

    • MikeG1's avatar
      MikeG1
      Admin

      Hi Artemis7000 , the majority of content in this community forum can be viewed without logging in. You only need to be signed in to post/like/comment etc.
      To make it easy for our customers to register, the community forum has always been linked with the MYOB single sign-on therefore the same authentication rules also apply.
      Hope this helps 

  • We have multiple desktops in a retail store where staff operate from but not allowed their phones on the floor and their emails are only at their main desk. To sign in now they need to run back to their main desk to get code then go back to that desktop and sign in. 

    Even when i was working from my desktop and signed in on another desktop in the retail space i still needed the code to login in, thus creating more downtime and frustration for the customer. 

    There needs to be an option for the user to remove this sign in option. 

  • The MYOB Login has always been bad, but now it's even worse.

    As others mentioned, it should be up to the users to decide the level of security when logging in.

    This is the only program where we have to manually type in the login details every day on the same exact computers, costing the business a minimum of 3-5 minutes a day, which is 20-25 minutes per week, of unpaid labour. Login should be automatic, just like with most other programs. 

    Even for online banking it's far easier and quicker to login daily. 

    • MikeG1's avatar
      MikeG1
      Admin

      Hi IntertradePete , if you're experiencing any slowness with authenticating, I expect this might be due to having email set up.
      Authenticator app is the fastest method where codes refresh 30 seconds, SMS would be the next best thing and then email can certainly experience slowness.
      We find certain email providers can take longer than others and theres always the chance the email goes to junk etc.

      MickyH75 , in Australia, the 24 authentication is being requested by the ATO and if they have not already, then Xero will also be doing this along with all others.
      Price wise, MYOB can provide you more for less at nearly every level of software. It's always a good idea to see whats available, but im sure you'll find you have a good thing with MYOB. 

      • Hi MikeG1. I was referring to the simplicity of the Login, not the speed of the internet or email system. Imagine, we have 10 windows open on the computer and we always need to jump back to the emails to copy over the authentication code. Even if it's a requirement by ATO, at least the login email address should have an option to be saved for Login, so we don't have to type it in manually every morning on every computer. 

    • MickyH75's avatar
      MickyH75
      Experienced User

      With the price increases last year and now this my boss's query the other day about switching to Xero has me thinking I might have to set some time aside to investigate.

      • H-TS's avatar
        H-TS
        Trusted User

        Xero does have several nice features that aren't available in MYOB and we review it regularly. I would recommend testing thoroughly for everything you need to do in every file you have. Last time I checked there were still a few features we use every day in MYOB that aren't available in Xero (eg recurring sales templates that can be used for any customer). As enticing as Xero is, and as frustrating as MYOB is, it's still the one for us, for now. 

  • H-TS's avatar
    H-TS
    Trusted User

    I set up a secondary backup 2fa option as recommended but now that one seems to have become the default. How do I change back to having the other option as default, or will the default always be the last method used. The only options are enable or remove. I don't want to have to select to 'try a different method' every day. Any chance you'll bring back the 'remember my email address' option at least now that we have to do this extra step every time? It's hard to imagine how prefilling an email address is a security risk. 
    I had to do 2fa to get into the file this morning, then again to enter myaccount to try and change the default, and now again, to try again to set up the authenticator option that wouldn't work yesterday. It's really overkill.

  • Good morning MickyH75 ,

    MYOB is doing what we can to provide security improvements that prevent unauthorised access to our customers software.
    We are also ensuring that we are meeting all of the ATO's compliance requirements and continue to apply best practice security process to all of our software.

    We are making this change easier for our customers by introducing the ability to have multiple methods of 2FA, and I recommend that you head to myaccount.myob.com to set up a secondary 2FA method as soon as possible.

    2FA has always existed with our software and we don't provide the ability for customers to choose how this operates so that all of our customers are secure and meeting regulatory compliance standards.

    The short version of this change is that previously, you had the option to 'trust this device' for 30 days, but from the 30th, this will no longer be available and 2FA will be required at least once every 24 hours.  

    • MickyH75's avatar
      MickyH75
      Experienced User

      Hi MikeG1  I could understand if this was rolled out just for the browser version but to make it for the desktop version as well seems over the top. We use SAP B1 for one of the companies in the group and it doesn't even use 2FA.

      • MikeG1's avatar
        MikeG1
        Admin

        Hi MickyH75 , there are a couple of extra points I can clarify here.
        Thanks for your questions, I will update our main post about this change as well.

        2 key messages/updates:

        • 2FA is prompted on login to your account, and not for each file
          So changing between your 21 files after you have signed in, will not prompt for any further 2FA verification
        • This is only for online files
          The comms does mention AccountRight Desktop, but we neglected to be specific this is only for online, if you have using a local, offline, desktop file in AccountRight you may not be prompted for 2FA
  • MickyH75's avatar
    MickyH75
    Experienced User

     It should be up to an organisation to set its own policies on security not you as the software provider. Please change it so that I as the company administrator can choose what level I want for my companies (we have 21 separate files).