User authentication via a code being sent by either Email or Text. If not already implemented.
Customers now have multi-factor authentication (MFA) enabled on our Reckon Customer Portal coinciding with the release of Reckon Payroll (which was already utilising our new identification tool) to our Reckon One customers.
This is great. Thanks for making this happen.
Thanks for your reply Jason.
Hi Kris, this item's status is planned so we have scheduled it already (for Reckon One). We have also rolled this out on "Reckon STP", "Reckon Payroll" and "Reckon Payroll mobile" quite some time back. These products sit on a different technology stack, so next is to move Reckon One over to this new identity stack. Unfortunately this is complex. Very complex, and we have some large blockers before we can proceed - all of those blockers are in development now. Later next year this new identity stack will allow us to release our own auth app to complement SMS. Of course we already offer SSO via Google and Office as an added security layer. Very soon we'll be adding Apple for our app and web users, and again all products will eventually benefit from the work we are putting in up front. At this stage Reckon One should have this in Q2 next year.
Hi Jason, with all due respect, I hope your job at Reckon has nothing to do with IT security. When you use the number of votes to justify your lack of action on MFA, you made it clear that Reckon does not take security seriously. INFO-Sec folks have been shouting about MFA being a must-have, since 2015. Opt-in only is fine, just give it to us NOW. Looking at recent Optus and Medibank hacks, do you still stand by your comment: not enough votes?
Low votes on some ideas page is not a good reason for going slow on this. Why not show some leadership on this? 2FA offers better security, and unless you have a good counter-argument to that, I can't understand why it wasn't implemented years ago. It's 2020, and 2FA has been around for a long time, it should 100% be an option for customers on the portal.
I'm not sure about the 2 votes for MFA on the online platform. I had asked about this quite a while ago and have been waiting for it to come in before we moved to the online product as we are currently using the desktop version. By the sounds of it I should have raised it directly more than once for my vote to be counted. I'm sure there are other people sitting back waiting for it to come in before moving to the online versions.
Hi Torian. We have commenced a project to bring MFA across all apps in our portal. Our intention is for the service to remain as 'Opt In' only (that is where the hard work is, not in the MFA itself). This will take some time as it is included in a much broader Reckon Portal enhancement. ** Note this idea has only had 2 votes to date in 12 months.
I do not understand why MFA is not mandatory here. I understand how much of a headache it is, but wouldn't it be more of an issue if a company lost all their data because they had not backed up and had a login password set to a simple password? There is so much information contained in Reckon about employees of the company, financial information about the company and customer billing details.
I understand that MFA is a headache and slows users down when trying to log in, but if someone hacks the system and changes all the payment information on invoices then what would be done from there?
What security options are there? Is there anything that actually enforces complex passwords for users?
This is public and open on the internet.
Hi Craig. MFA is actually not mandatory other than for Single Touch Payroll lodgements in Australia. As I noted in February we are looking to see if we make this optional, however given we only have 2 votes in 5 months we suspect (and what we have heard in interview sessions) that users find MFA too time consuming. Therefore we'll focus on other priorities at this stage. It's still a good idea though and one we want to do.
Or preferably something like the Microsoft or Google Authenticator. I would have thought that MFA is mandatory in today's day and age.
MFA is too time consuming
Hi and thanks for the idea. We enforce 2FA / MFA on single touch payroll as it is mandatory (from the ATO). We have had overwhelming feedback from our customers that they do not want MFA across the entire app. That said, we do believe there is a use case for our customers who DO want MFA, so we will at some point offer MFA to all customers, but as OPTIONAL only. Kind regards, Jason.