The last few years it has become obvious that having a single password for some applications is not secure enough, especially with increased hacker attacks and phishing scams. Unsuspecting users are being misled into sharing accounts with password codes to fake organisations. In other situations, it’s sometimes tricky to screen passwords entered from prying eyes. And truthfully, some users have become a little too relaxed over keeping passwords private and secure. Changing passwords often was always an option, but higher security was needed.
This brings us to newer security procedures. The two-step verification or authentication. A process where you need to present two pieces of “ID” to verify your identity, or authority to use an application, instead of a singular key or password. Two steps? Think of the process of getting money out of ATM machine. You enter your bank card, and then you enter your pin number in. You cannot access your funds with the card alone or just pin numbers. You need both to access your bank account funds. Can you see that two-step process?
Two-step verifications or Two-factor Authentication processes are becoming more common. Online banking organisations, Microsoft, Apple, Google and other leading brands now require or will offer two-factor authorisation processes. It’s worth making use of these more detailed login processes. Believe us – those who’ve been hacked or found fraudulent interference with their accounts find it a painful and trying experience, especially when funds have been taken, and/or their business integrity affected. Not to mention valuable time lost with resolving things back to order.
Now Xero and MYOB offer this process – please do use it
If you use either Xero or MYOB, this is an option offered. We strongly suggest you set them up for your business if you have not already done so. We can never be too relaxed about security – especially with protecting business data and financial records, and we have a duty to secure any data held about our clients, too.
How does it work? With Xero and MYOB – Users are required to download an ‘Authenticator’ application into their mobile phone, from Google Play. (This is quite a straightforward process explained with accompanying instructions in the links we’ve listed for Xero/MYOB below.)
Whenever the User logs into their accounting application with their usual password, it activates the ‘Authenticator’ application on their mobile phone. A unique passkey number (or barcode) flashes on the mobile screen. The User then enters the passcode (or holds the barcode to the computer screen), and full access is usually granted. The procedures are slightly different for Xero and MYOB, but the concept is the same. Doing a two-step ‘ID’ process is needed to access the application. The Authenticator passcodes (or barcode) changes each time you access the software applications, and have a time expiry – in other words, the codes must be used within a short time to be effective. We assure you this set up is quite straightforward, and codes come through instantly each time you need to access your account. Authenticator codes do not need mobile coverage – the number is generated from within the application – triggered by your login process.
If your phone is not handy or you do not have your mobile – alternate 2 step options are offered by Xero and MYOB. They involve either a listing of back up codes which you need to store carefully or pre-arranged answers to security questions. You can review Xero and MYOB’s alternative processes on links below.
Should you lose your phone or have it stolen, you have these alternate options to access your accounts. (We’ll assume you do use pin code security on your mobiles and do utilise lockdown applications for any lost/stolen mobile devices). More instructions are outlined on both Xero and MYOB websites.
If you have staff accessing your Xero/MYOB accounts – they need to set up this authentication process, too. Passkey codes will then show on their own phones, to match their logins. You or persons who hold the ‘User Settings’ control can always check and review security access at any time.
Here are the links:
We should point out this won’t be a total foolproof process. But it helps raise the barriers to increasing fraudulent attempts by hackers to access accounts. They’re getting smarter, and phishing scams are becoming common. Don’t open or click on links or videos you haven’t requested via email or messages – delete them. If you do have a connection or link with that organisation – call your own contact person there, and check.
Do continue to review other security measures within your business to protect access to your computer or software applications – refer to a previous blog here: Security.
If you have queries or concerns about using two-step authentication processes for your Xero or MYOB subscription – do contact me. If you’d like to consider a Xero or MYOB subscription or have other queries on bookkeeping or business financial work you need help with, call me for a friendly chat to see what we can offer.
Call 027 379 0992 or message me on firstname.lastname@example.org.
Annual Returns – GST Processing – FBT – Payroll Processing – Bookkeeping Online – Tax Agents