The cheat’s guide to two-factor authentication
Two-factor authentication (2FA) is coming to MYOB accounting software in May. 2FA is a practical and simple way to increase security for you and your data, reducing the risk of a data breach.
Here, we dive into the whats, wheres and whys of 2FA so that you’re comfortable with the technology if you choose to use it.
What is two-factor authentication?
In the case of MYOB’s implementation of the technology, 2FA means having two ways of proving that you’re you!
1 = something you know (your username and password)
2 = something you have (your mobile phone)
It’s designed to protect your login identity, making it much harder for someone to impersonate you if they steal your passwords.
How does it work?
Here’s how MYOB is using 2FA (there are several different solutions in the market):
You enter your username and password as usual. You’re then prompted to enter a code. This code is available via an app on your phone. You’ll need to have this app installed on your phone, but it’s free and it’s small (i.e. won’t take up much of your phone’s storage space).
This whole login process is barely seconds longer than you’re used to. You can also choose to “trust” the computer/device that you’re currently working on for the next 30 days, so every time you log in using that same computer and the same browser you won’t need to re-enter the code.
But if you go to another computer/device and login using your username/password, you’d be prompted for the code again. You’d then simply open the app on your phone and type the unique code into the login screen.
Why is it so important?
Here are a few reasons, but the simple explanation is that there are bad people lurking around the internet.
- Usernames and passwords can be stolen or guessed
- We see headlines regularly about digital security breaches in all sorts of businesses
- A recent MYOB survey shows that around two in three SMEs have online security concerns. The biggest concern was around “Hackers gaining control of their data” Source: MYOB Business Monitor, Gundabluey Research; December 2016
- The information contained in a business’s online accounting file is sensitive and valuable. There’s the potential for real financial loss if someone maliciously accessed your data file
Who is it suitable for?
2FA is suitable for anyone who’s confident that they’re the only one who knows and uses their login details (username and password) and they’re ready to protect their MYOB login access.
When can I start using this improved security feature?
We’ve already made this available to 18,000 users. We expect to make it available to most of our MYOB customers at the end of May.
If I turn on 2FA, does that mean my accountant/bookkeeper can’t access my files anymore?
NO – 2FA is designed to protect your login details only. It doesn’t change your business advisor’s access to your data files.
What will happen on 30 May?
When you log in to MYOB Essentials or AccountRight from 30 May, you’ll be prompted to “Turn on 2FA”. You can choose to set up right then (it only takes a moment) or you can choose “Remind me Later”. You’ll get your first reminder seven days later.
I’m an accountant/bookkeeper. Can staff in my practice start using 2FA?
Assuming everyone has their own login, this is entirely a business decision for your practice.
Check it out, consider how this works in your business workflows. For example, do your team members have smartphones? Will they be able to install the app?
Remember they don’t need to type a code in every time they open any MYOB file; they may only need to enter a code once every 30 days (assuming they’re using the same computer).
Because we want you to make the decision that works for your practice at a time that suits you, we won’t be prompting your team members (assuming their user login is associated with your practice MYOB account). Nothing will change for your team until you decide to roll out this new feature in your practice.
Is 2FA mandatory?
No – it’s an individual choice whether or not you want to make your login details more secure. We’re just offering you the option.
I want more information!
You can get more detailed information in our Online Help.
And as always, call us on the usual numbers to speak to a real live person who will help you out if you get stuck.