IMPORTANT INFO - Multi Factor Authentication for Reckon Accounts Hosted 🔒
Comments
-
@Rav,thank you for your reply. I am entirely across the requirements of MFA as a BAS Agent of many years. The point I am making is that all the other accounting programs I use that require MFA have implemented it at the User level. There would be no shared login if you implement it at that stage as every user would have their own password, and the MFA would be linked to that - not the Licence. Some of the work-arounds above that involve sharing codes are quite counter-intuitive to the whole reason we have MFA and I would think would be in breach of the ATO requirement. I really feel that the only practical and financially viable solution is to change my current RAH clients to other software that approaches this differently. Is there any chance that Reckon could implement the MFA at the User level?
0 -
Yeah we know you are being compliance, but Reckon does need to hear everyone to understand the bigger picture of reality before lots of clients leave Reckon behind for good.
If no one comments, then you are not aware of the trouble caused, and then help solve it.
0 -
@carmel I think it’s important to note that Hosted is not “online” like the others though, it’s the desktop program that’s being ‘Hosted’ on Reckon’s own servers so this has more integration/linking challenges than the Cloud products 😬
Shaz Hughes Dip(Fin) ACQ NSW, MICB
*** Reckon Accredited Partner (AP) Bookkeeper - specialising EXCLUSIVELY in Reckon Accounts / Hosted ! ***
* Regd BAS Agent (No: 92314 015)* ICB-Certified Bookkeeper* Snr Seasonal Tax Consultant since 2003 *
Accounted 4 Bookkeeping Services
Ballajura, WA
(NB: Please give my post a Like or mark as Accepted Answer if I have been able to resolve your query as this helps others when seeking solutions!)
2 -
You're referring to file user credentials set at a company file level, not every Hosted user uses this, its an optional functionality and is used to differentiate access to a file based on required/relevant permissions. MFA cannot be set at this level, it's already past the point of login to the service.
Put simply, a login (username) to the Hosted service = an individual user.
ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
0 -
is this MFA different to the one I already have to do STP? We have 3 users on our account, can each user's log in have their own mobile number attached to get this MFA?
0 -
no unfortunately only one MFA code per license. You will have to call the other users and give them the code when they log in
0 -
Hi @Sonya Herbert, that's a good question and the answer will differ so I'll just add some clarification around this below in case there's any confusion.
You'll no doubt be familiar with logging into the Reckon Portal to access GovConnect for your STP submissions and as you know this has its own MFA.
An important point to know is, if you're logging into that Reckon Portal account for your STP with your Reckon Accounts Hosted user name (ie. the same user name that you use to login to Hosted itself), then when you enable MFA in Hosted it will use that same MFA for both Hosted and the Reckon Portal.
When you enable MFA in Hosted you'll see a message to indicate this as shown below 👇
⚠️ The above only applies to users who login to the Reckon Portal with their Hosted user name.
If you're logging into Portal in a different way eg. an email address then please follow the steps to enable MFA in Hosted here - How do I setup MFA for Reckon Accounts Hosted? 🔒ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
0 -
Hi Rav, I sent you a message on April 15, but I'm still awaiting a reply. How does this work for 2 people using the same license? I can see many are asking the same question but I can't see any answers. Can MFA work on 2 phones? I'm guessing not? What are our options other than changing to another bookkeeping software program?
0 -
Sorry about that, I don't seem to have a PM from you in my inbox, I'll take a closer look at that. In the meantime though to answer your question, Multi-Factor Authentication is enabled on the specific Hosted login itself so if you have multiple individuals requiring access, best practice is that they have their own licence which will also mean they will have their own individual MFA on their login.
ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
0 -
the only other way is for the secondary user to get the code from the user whose phone is setup
0 -
Thanks @Rav & @Kris_Williams, it's not very convenient when I'm choosing to do some bookwork at 9pm at night, and having to ring or text someone for the code. We've already had this situation happen last week, so we have removed the MFA for now. I want a more permanent solution than this.
We are a church Diocese using Reckon hosted for parish bookkeeping. Many of our parishes cannot afford a single license, hence why we have 2 parishes sharing. We have 12 paid licenses of which 10 are shared by 2 parishes each.
4 -
I totally agree with you, I’m in the same boat myself
0 -
Hi Rav we are not sharing the one user or password - I have set up Users, as permitted by Reckon, with their own log in details and their own password. Why can't these separate users have access to setup their own 2FA. To suggest we need to buy another licence is inappropriate since we are using the software as it's intended to be used - legitimately. To have another user contact me for their 2FA is not appropriate and a failure of this software.
2 -
If your users have their own login to the service then they'll each have their own individual MFA so there's no need for sharing codes. Please note, I'm referring to a login to the Reckon Accounts Hosted service itself, not a login to the company file which is completely separate and unrelated.
ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
1 -
I just got an email from our Computer support is this of concern:
Important Security Update on New Attacks Bypassing MFA
We are writing to inform you of a new type of 'Person-in-the-middle (PITM)' phishing attack that is currently targeting Microsoft 365 tenants. This sophisticated approach has the ability to bypass Microsoft MFA (Multi-Factor Authentication). As cyber criminals are continually evolving and advancing their tactics, it is crucial to take proactive measures to protect ourselves.
0 -
Thanks Rav - they say they can't find the dashboard to enable MFA. Could you send a link as to where they enable the 2FA?
0 -
Sure @Loretta Wisdom-Zagon you'll find step by step instructions here - How do I setup MFA for Reckon Accounts Hosted? 🔒
There is also a help guide linked in the opening post of this announcement with detailed info around MFA in Hosted along with instructions as well.
ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
0 -
Hi everyone,
Just adding a note for the wider Community, I appreciate MFA on your Hosted account is going to be an adjustment and for some it might be a bit more of a change than others when it comes to using the service.To be clear, our Hosted licensing terms have always stated that the licence is personal. A single user licence allows only one user of the service. If you require more than one user, then you need a multi-user licence.
The intention of this post isn't about licences or the sharing of licences though, it’s about the upcoming mandatory MFA for Reckon Accounts Hosted and supporting our users with this change. As a company who works closely with our customers, their data and the ATO, we have an obligation to keep our customers data safe. To do this we are required to enable MFA on Hosted in line with ATO requirements to operate as a digital service provider. Failure to do so could potentially mean we can no longer handle Single Touch Payroll at best, and at worst put our valued customers data at risk.
I've seen a few posts or questions appear querying how to circumvent MFA requirements and/or share MFA. While we understand that you may want to find ways to bypass this additional protection of your data, this is at your own risk and discretion, and we strongly discourage this as it goes against our guidelines, ATO requirements and general cyber-security best practices.
Moving forward, I’d ask that Community members refrain from promoting bypassing MFA security as it leaves those users exposed to unnecessary security risks. Any posts advocating or promoting circumventing or bypassing MFA will be removed and we appreciate your cooperation and consideration.
ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
0 -
We currently have one licence with multiple people using this you mentioned. If you require more than one user, then you need a multi-user licence. what is the cost of this. Is this the same amount as having the original licence or is there a cheaper licence for a second user. As we have administration staff and the current price is just not worth it for us.
0 -
Hi @RandCSharp
Our customer service team is happy to have a conversation around getting the licencing side of things organised & setup based on your requirements. Give the team a call on 1800 732 566 and they'll be able to have a chat with our around pricing and your licences.
ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
0 -
Hi Rav and others, I am quite sure in the contract it states somewhere..just looking still..that we will not be forced to upgrade to more licences. I require one other person to login and check records, thats all. It is not appropriate to charge another license fee for that, therefore also not viable. In fact I tried to cancel my account and it was refused. The contract to Hosted seems so tight theres no getting out of it. That has rang alarm bells. Reckon Hosted is going down big time and it is best to lose money and go elsewhere than stay with Reckon Hosted. Reckon Hosted is a dead duck with your customers leaving. You only have to read MMC reviews. I would recommend NO-ONE to sign to Hosted after what I've experienced. Hosted is just a trap.
1 -
Hi all,
We're at the 2 week mark now until mandatory MFA kicks in for Reckon Accounts Hosted.
If you haven't already done so I'd highly recommend thinking about enabling MFA for your Hosted account now so you can get accustomed and familiar with how MFA works, managing it etc before it becomes mandatory and the rush begins on May 15.
If you have any questions or issues with getting MFA setup please let us know.
ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
0 -
Hi Danielle I am wondering why your comments disappeared from Reckon??
0 -
@Barbara Allen-Guthrie while I appreciate it may prove unpopular, as mentioned previously here any posts advocating or promoting circumventing or bypassing MFA will be removed from the Community which is the case in this instance.
ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
0 -
Thanks Rav I did not read that, shame!
0 -
@Barbara Allen-Guthrie and @Rav it's a shame my comment was taken down. Although I am advising others on a work around using the MFA, I am only sharing the same information that was provided to me by a Reckon representative when I phoned them.
0 -
Thanks for the heads up on that @Danielle Matthews. We'll have a chat internally around that to ensure everyone has a clear understanding of the requirements when it comes to MFA and we're all on the same page.
I'll just reiterate my previous messaging above, while I can understand that you may want to find ways to bypass this additional protection of your data, this is at your own risk and discretion, and we strongly discourage this as it goes against our guidelines, ATO requirements and general cyber-security best practices. I'd strongly recommend to all Community members to refrain from promoting bypassing MFA security as it leaves those users exposed to unnecessary security risks. Any posts advocating or promoting circumventing or bypassing MFA will be removed.
ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
0 -
If the file is always used on the same computer in the same location, even by different users at different times you could always install Reckon Enterprise, which you are entitled to, and download the file from Hosted and use on desktop, that way no MFA required.
1 -
If this is an ATO requirement per se, why are non-Australian users being made to use MFA. We have 11 people using Reckon and are struggling to figure out how to effectively set this up.
Can you have multiple users use one cellphone or is it a 1 to 1 relationship. We are not comfortable asking users to install and setup on their own personal cellphone. Will investigate using a browser-based authenticator.
0 -
I clicked on Enable MFA, and it did not give me any options to enter a mobile number, to scan anything, and said it is now setup! If I click on revoke, it asks me to enter a code from my MFA application - which I didn't set up because I wasn't asked to??!! WTH??!!
0 -
if you use the same login for Hosted and lodging STP in Reckon Gov Connect it will just say all done and you don’t have to do anything else
1 -
Are your 11 users sharing a single Reckon Accounts Hosted licence or do they each have their own licence, and therefore their own login?
If its the latter then each user will have their own individual MFA on their Hosted login. The easiest method for MFA is via mobile but if an authenticator app isn't suitable for your users, would SMS be a better option? Its still via mobile however there is no install or setup required, its simply just receiving a code via SMS to their mobile number.As Kris has mentioned, if you've already enabled MFA on the companion Reckon Portal account that accompanies your Hosted login then all you need to do is enable MFA in Hosted. It'll use the same MFA that you're already using with that Reckon Portal account so there is no setup required.
There is a message notifying you of this in Hosted, screenshot example below.ℹ️ Stay up to date with important news & announcements for your Reckon software! Click HERE for more info.
1 -
@Rav - yes this would be the issue, the subscriber of the software has MFA enabled for STP. Will all other users who have separate logins need their own MFA or how will this work?
0
Categories
- All Categories
- 6.4K Accounts Hosted
- 10 📢 Reckon Accounts Hosted - Announcements
- 5.9K Reckon Accounts (Desktop)
- 3 📢 Reckon Accounts Desktop - Announcements
- 1.3K Reckon Payroll 🚀
- 21 📢 Reckon Payroll - Announcements
- 21 Reckon Payroll Help Videos 🎥
- 21 Reckon Mate App
- 2.9K Reckon One
- 7 📢 Reckon One - Announcements
- 10 Reckon Invoices App
- 14 Reckon Insights
- 107 Reckon API
- 822 Payroll Premier
- 307 Point of Sale
- 1.9K Personal Plus and Home & Business
- 62 About Reckon Community