MYOB introduced regulatory compliance of Two Factor Authentication (2FA) from October 1, 2024.

The changes resulting from this were:

Users will be prompted at least once every 24 hours
The maximum time between 2FA prompts will be 24 hours.
Previously the prompt for 2FA was if the risk factor had become too high and there was no certainty of the same user.

What does this Mean?
Users who previously only had to enter their email when using the purple login will now have to enter an authentication code at least once per day. This will be much more secure.

Full enforcement is on the way
To stay compliant with security obligations, MYOB will be pushing toward secure authentication eventually for all users.
The mandatory enforcement is not in place yet but will be required.

Changes affect both Australia and New Zealand
These changes are required for ATO compliance and also reflect industry best practice for cloud applications. 2FA should be used for any sensitive data.