What’s coming?

MYOB are introducing enhanced password security standards in line with ATO Digital Service Provider regulations.

This rollout will happen in two phases:

PHASE ONE

With the release of 2023.1, enhanced password security standards are being introduced.

What does this mean for you?

If you DO NOT currently use secure authentication (purple button), your password will need to meet the complexity requirements in order to log in: it must be at least 14 characters long and contain at least one upper-case letter (A to Z), one lower-case letter (a to z), and one number (0 to 9) or symbol (e.g., !#$%^).

For more information about better password security go to: https://enterprise-support.myob.com/adv/better-password-security-standards

Note: These changes only affect you if you sign in with a username and password (Green Button), not if you use secure authentication (Purple Button). Momentum, however, recommends that everyone update their Advanced Passwords (Green Button), as some areas, like Employee Self Service, use the Advanced Login.

Interested in setting up secure authentication? 

Remember, existing MFA users aren’t impacted by these changes, so why not set up MFA on your account now?

View the handy guide and watch the video below to learn how to set up and use MFA.

What’s next?

PHASE TWO (Due Oct 2024 – March 2025)

To further meet ATO Digital Service Provider regulations, all users that are not using MFA will need to transition to MFA. (Momentum will be here to assist with transitioning all users on your site to MFA.)

Your site will be updated to make MFA mandatory. MYOB will segment customers into cohorts to roll out mandatory MFA. Each cohort will be given time to make the changes before an assigned due date. On this due date, your site will be updated to enforce mandatory MFA for all users.

There will also be some additional changes made to MFA to support best practice, including:

  • Change from 30-day to 24-hour reauthentication: Currently, users have the option to “remember me” for 30 days, and within this period they will not be prompted to reauthenticate. This period will be reduced to 24 hours, which essentially requires a user to reauthenticate via MFA on a daily basis.
  • 30-minute inactive user lock: Currently, if a user is inactive in their session for a period of more than 4 hours, the system will lock and require the user to reauthenticate when they come back. In line with security best practice, this timeout period will now drop to 30 minutes.

Have some questions?

Momentum Support Ninjas are here to support you through these changes. We will provide further details in the coming weeks. In the meantime, if you have any questions, please contact Momentum Support by email at support@momentumss.com.au or by phone on (07) 5479 1877.