IMPORTANT INFO - Multi Factor Authentication for Reckon Accounts Hosted 🔒

@Rav,thank you for your reply. I am entirely across the requirements of MFA as a BAS Agent of many years. The point I am making is that all the other accounting programs I use that require MFA have implemented it at the User level. There would be no shared login if you implement it at that stage as every user would have their own password, and the MFA would be linked to that - not the Licence. Some of the work-arounds above that involve sharing codes are quite counter-intuitive to the whole reason we have MFA and I would think would be in breach of the ATO requirement. I really feel that the only practical and financially viable solution is to change my current RAH clients to other software that approaches this differently. Is there any chance that Reckon could implement the MFA at the User level?

is this MFA different to the one I already have to do STP? We have 3 users on our account, can each user's log in have their own mobile number attached to get this MFA?

Thanks @Rav & @Kris_Williams, it's not very convenient when I'm choosing to do some bookwork at 9pm at night, and having to ring or text someone for the code. We've already had this situation happen last week, so we have removed the MFA for now. I want a more permanent solution than this.

We are a church Diocese using Reckon hosted for parish bookkeeping. Many of our parishes cannot afford a single license, hence why we have 2 parishes sharing. We have 12 paid licenses of which 10 are shared by 2 parishes each.

Hi Rav we are not sharing the one user or password - I have set up Users, as permitted by Reckon, with their own log in details and their own password. Why can't these separate users have access to setup their own 2FA. To suggest we need to buy another licence is inappropriate since we are using the software as it's intended to be used - legitimately. To have another user contact me for their 2FA is not appropriate and a failure of this software.

I just got an email from our Computer support is this of concern:

Important Security Update on New Attacks Bypassing MFA

We are writing to inform you of a new type of 'Person-in-the-middle (PITM)' phishing attack that is currently targeting Microsoft 365 tenants. This sophisticated approach has the ability to bypass Microsoft MFA (Multi-Factor Authentication). As cyber criminals are continually evolving and advancing their tactics, it is crucial to take proactive measures to protect ourselves.

We currently have one licence with multiple people using this you mentioned. If you require more than one user, then you need a multi-user licence. what is the cost of this. Is this the same amount as having the original licence or is there a cheaper licence for a second user. As we have administration staff and the current price is just not worth it for us.

Hi Rav and others, I am quite sure in the contract it states somewhere..just looking still..that we will not be forced to upgrade to more licences. I require one other person to login and check records, thats all. It is not appropriate to charge another license fee for that, therefore also not viable. In fact I tried to cancel my account and it was refused. The contract to Hosted seems so tight theres no getting out of it. That has rang alarm bells. Reckon Hosted is going down big time and it is best to lose money and go elsewhere than stay with Reckon Hosted. Reckon Hosted is a dead duck with your customers leaving. You only have to read MMC reviews. I would recommend NO-ONE to sign to Hosted after what I've experienced. Hosted is just a trap.

Hi Danielle I am wondering why your comments disappeared from Reckon??

Thanks Rav I did not read that, shame!

If this is an ATO requirement per se, why are non-Australian users being made to use MFA. We have 11 people using Reckon and are struggling to figure out how to effectively set this up.

Can you have multiple users use one cellphone or is it a 1 to 1 relationship. We are not comfortable asking users to install and setup on their own personal cellphone. Will investigate using a browser-based authenticator.

if you use the same login for Hosted and lodging STP in Reckon Gov Connect it will just say all done and you don’t have to do anything else

@Rav - yes this would be the issue, the subscriber of the software has MFA enabled for STP. Will all other users who have separate logins need their own MFA or how will this work?