Help us improve

2 Factor Authentication

Hi

When I log in to Kashflow (as a client), I've noticed that I can set both my password and memorable word to the same thing - which presumably is not that secure?

Would it be a good idea to have 2 Factor Authentication as part of the log in process?

I use other online services for my business, such as MailChimp which has 2 Factor Authentication (Google Authenticator), and which they incentivise me to use by giving me a 10% discount on my subscription.
  • Guest
  • Jan 10 2017
  • Acknowledged
  • Jan 10, 2017

    Admin response

    Hi Hugo, Thanks for your feedback. We have not had any security issues with our current login process and have found it to be extremely secure. Our current login process ties in with our KashFlow Connect platform so unfortunately we cannot make any changes at this time, unless we do find that there is an urgent security risk. If you do have any concerns about the security of your login or the data on KashFlow please visit our website which provides information about our data protection policy and data storage.
  • Attach files
  • Guest commented
    22 Jan 02:57pm

    Please implement. We will need to leave Kashflow, as part of Cyber Essentials Plus accreditation which our clients demand. Thank

  • Guest commented
    22 Jan 02:54pm

    UK Cyber essentials plus 2FA has become a requirement, can this not be implemented with either code to mobile / email or use of google authenticator app

  • Guest commented
    22 Jun, 2023 03:26pm

    The UK CyberEssentials scheme now requires MFA on any cloud service, such as Kashflow. When is Kashflow going to implement this?

  • Guest commented
    10 Jan, 2017 09:27am

    I find the current log in process to be a bit of a pain. It's a nice, secure method, but I have to keep referring to a "crib" with my memorable word so that I can efficiently access the service. The existence of the crib dilutes the security to some degree.

    I agree with Hugo. A method like google authenticator would maintain (or perhaps improve) security.

    I accept that Google Authenticator (or similar) is also likely to be seen as a pain by some. It's an extra step, but it's a method I already use on other services and it removes the need to either carry a crib, or set a worthless memorable word; aaaaa for example.