If you're an accountant or bookkeeper interested in using two-factor authentication (2FA) in your practice, there are a few important details you should consider.
SMS 2FA is being rolled out
We're excited to be gradually rolling out SMS 2FA, but it can only be set up if prompted to do so. For now, if SMS 2FA is set up it's not possible to switch to a different 2FA method.
Should my practice use 2FA?
Yes. 2FA keeps your data secure, and it's mandatory to meet industry standards.
You can set up 2FA using either an email account, or an authenticator app. The right option for you will depend on the way your office is set up. Does everyone have a smartphone? Does everyone have access to the email account associated with their login details? Help me choose.
For general information on MYOB's 2FA, see the Two-factor authentication help page.
Note that implementing two-factor authentication will not affect access to:
your Accountants Enterprise or Accountants Office Suite, or
your online practice functions, such as MYOB Portal, dashboard and online tax features via the AE/AO Live icon.
Remember - your team members can select the option Trust this device for 30 days, so they won't need to type a verification code every time they sign in (if they're using the same computer).
If you'd like to learn more about the security technology behind MYOB's two-factor authentication - including the authentication app - please read The Security of MYOB's Two-Factor Authentication White Paper.
2FA has been mandatory since 30 June 2018 to meet new industry standards.
2FA is associated with your login, not the files you're accessing. This means if you've set up 2FA for your login, 2FA will be used regardless of which file you're accessing.
If a client hasn't already done so, ask them to invite you to access their books online. Learn more about advisor invitations for MYOB Essentials Accounting and MYOB AccountRight. You'll then be able to access their file using your 2FA enabled login.
The ATO doesn't allow shared logins.
Once installed, most authenticator apps don't require mobile coverage, data or internet access. But it's best to check the settings within your authenticator app to see if you need to enable offline functionality.
Going overseas? No problem, your authenticator app will still work. If the Google Authenticator app stops working while overseas, it might be a time sync issue (see this Google support doc for help).
If you have any issues using your authenticator app (overseas or at home), check the help for your app.
There's a couple of options:
Use an authenticator app called Authy
You can install Authy on your laptop and use it for 2FA.
Use your backup codes
Use a “one time use” backup code to sign in at client sites. These codes were generated when you set up your 2FA authenticator app and allow you to sign in to your MYOB account when you don't have a phone. Learn more about using your backup codes.