Skip to content

Improved security

MYOB is continuing to invest in the latest security advancements to protect the data of you and your clients. We've just released a new security enhancement, with another one soon to come.

(Coming soon) Inactivity sign out

From 27 November 2024, you'll be automatically signed out of MYOB after 20-30 minutes of inactivity in the product (for an explanation of what inactivity is, see the FAQs below).

After this time has elapsed, the screen will be locked and blurred, and you'll see a message prompting you to sign back in:

Inactivity sign out for MYOB Business

Once you sign back in, you can resume working. This change will affect the following products:

  • MYOB AccountRight desktop app (online files only)

  • MYOB Business

  • MYOB AccountRight browser

  • MYOB Connected Ledger

  • MYOB Business Payroll Only

  • MYOB Practice.

    You won't need to complete 2FA every time you sign back in - 2FA is only required once every 24 hours when using MYOB.

Responding to this change

This change will happen automatically, so you don't need to update your existing 2FA settings or sign-in details. We recommend that when you’re presented with the Are you still there? message that you click Sign in using [existing email] to return to work in progress.

Why we're making this change

We're doing this to meet best practice in an increasingly challenging security environment and to further protect your sensitive business data from unauthorised access. For example, if you leave your MYOB product open, we want to reduce the chance that someone might use your user access to do something they shouldn't.

This change also complies with the latest Digital Services Provider guidelines from the ATO and ensures that MYOB products will continue to work with ATO online services.

You need to enter a 2FA code at least once every 24 hours (only when using MYOB)

Previously released

On 30 September, we removed the option to remember your device for 30 days and replaced it with the requirement to sign in and enter a 2FA code at least once every 24 hours. 2FA is only required when you're working in MYOB. You don’t need to enter a 2FA code when you’re not using MYOB, like on weekends.

For example, if you only use MYOB Business a few hours once a week, you only need to sign in and complete 2FA when you open it then. If you use it continually every day, you need to sign in and complete the 2FA check at least once each day.

This change affects MYOB Business, (including MYOB Business Connected Ledger), MYOB Businsess Payroll Only, AccountRight, MYOB Acumatica and MYOB Practice. It also applies to any MYOB services you need to sign into, like My Account.

2FA tips

  • Set up an additional 2FA method if you haven't already. This gives you more options for receiving 2FA codes and helps you avoid sign-in hassles. Find out how to set up an additional 2FA method.

  • If you have multiple files, stay signed in when you switch between them. If you do this, you may not need to complete 2FA as frequently. To switch to another file:

    • In AccountRight desktop, go to the File menu > Open...

    • In MYOB Business or AccountRight browser, click your business name > Switch business.

Manage your password and 2FA settings in My Account

If you need to change your sign-in password or reset your 2FA, you can do this yourself in My Account. Just go to the Account security page in My Account (myaccount.myob.com/account/security). For more information, see Manage your security in My Account.

Need to report a security concern? If you receive a suspicious email or have any other security concerns, report the issue to MYOB without delay.

FAQs

What's changing?

AddAdd

From Wednesday 27 November 2024, users will be automatically signed out after 20-30 minutes of inactivity in MYOB products including: MYOB Business, MYOB AccountRight an AccountRight browser (online files only), MYOB Connected Ledger, MYOB Business Payroll Only and MYOB Practice. After this time, the screen will become locked and blurred. To continue working, users will need to sign back in with their username and password. 

What is 'inactivity'?

AddAdd

For browser-based products, like MYOB Business, AccountRight Browser, MYOB Business Payroll Only and MYOB Connected Ledger, inactivity is defined as a 20-30 minute period where you haven’t clicked a button or navigated to another page.

If you do these things before the inactivity sign-out, your session will be extended.

Mouse movements and keystrokes are not deemed as activity. So, if you've been entering lines in an invoice or general journal for more than 20 minutes, but haven't clicked Save yet, or opened any other pages, you may still get the inactivity sign out message.

For AccountRight desktop and MYOB Practice Online, inactivity is defined as a 20-30-minute period where a user hasn’t interacted with the application in any way, including:

  • mouse clicks

  • keystrokes

  • button clicks.

If you perform any of the above actions, your session will be extended for a further 20-30 minutes.

What do I need to do?

AddAdd

When you’re presented with the Are you still there? message we recommend that you click Sign in using [existing email] to return to work in progress.

Will I lose my work when I'm signed out?

AddAdd

If you sign back into your account using your existing email, you won’t lose any work in progress and can continue where you left off. However, if you choose to sign in to a different account, your work will not be saved. 

If you click Back or Reload, or if you don’t sign back in after 12 hours, you'll also lose work in progress.

How does the inactivity sign-out work between AccountRight desktop and AccountRight browser?

AddAdd

When you are logged into both the AccountRight Desktop and AccountRight Browser at the same time, each session will operate independently. This means that if you are inactive in the Desktop version, you can remain active in the Browser version. The inactivity timeouts for these sessions are separate from one another.   

Can I share sign-in details with my staff?

AddAdd

No. As either a subscriber or user, you must keep your username and password secure and confidential. You should never tell anyone your username and password or let anyone else – whether acting as your agent or not – access your product using your username and password. These form part of the terms and conditions for your product. Learn more here

Each company file user must have their own MYOB account sign-in details and have 2FA set up. See how to invite a user into your file.