fmAccounting Link and Two-factor authentication with Xero and MYOB

As more IT services move to the cloud the risk of unauthorised access and security breaches becomes something that most small business owners need to manage in order to protect access to their critical business systems and sensitive data. The past few years has seen a significant increase in the number of online services coming under cyber attack and sustaining security breaches, as well as the rise in identify theft and online fraud. Security industry research shows that over 40% of cyber attacks last year targeted small businesses and this is increasing.

In additional to the traditional username and password login, many online services now offer an extra layer of protection in the form of two-factor authentication, also commonly referred to as 2FA. With two-step authentication enabled you need to provide two authentication “factors” to login alongside your username. The first factor is something you know – typically your account password.  The second factor is something you have – typically a unique code that’s generated by a separate app on your smartphone or sent via SMS to your registered mobile phone.

Some of the largest online services including Google, Microsoft, Apple, Twitter, Facebook and LinkedIn now offer two-factor authentication – users will typically have to first login using their username/password, then immediately have to enter a 2nd level of authentication (typically a one time code that is sent via SMS or generated via an authenticator app like Google Authenticator).

Two-factor authentication is available for both Xero and MYOB, and in Australia the use of 2FA will be mandatory for accountants and bookkeepers by 30 June 2018 to meet new industry standards set out by the Australian Tax Office. We’ve been using two-factor authentication with Xero and MYOB and are pleased to report there are no issues with 2FA and the use of fmAccounting Link (Xero Edition) or fmAccounting Link (MYOB AccountRight Edition).

With our fmAccounting Link (Xero Edition) solution we connect to the Xero API via the use of a Private Application, so users are not required to authenticate each time they connect to the Xero API to upload or download data. With fmAccounting Link (MYOB AccountRight Edition) if you are using the MYOB Cloud to host your AccountRight company file you will simply be presented with the additional login page to enter your 2FA code – here’s a screenshot showing this:

You can learn more about two-factor authentication for Xero and MYOB at the following links:

• Xero: Set up two-step authentication
• MYOB: Two-factor authentication