Help us improve

Implementation of 2 Factor Authentication for logging in to view payslips

I spoke with Anneli on the support chat today and was told that currently 2FA is not an option when logging into Kashflow to see my payslips. Anneli also mentioned that this is currently not even on the development roadmap.

In the current climate and with ever-increasing attacks our our personal data and digital security it's surprising that this isn't already a feature, let alone that it doesn't even appear to be under consideration.

Given the amount of highly confidential information contained on our payslips I would strongly recommend that some form of 2FA (through something like Google Authenticator etc, not one using text messages which are themselves insecure) be implemented in order to provide a greater level of data security.

It was my employer that chose Kashflow for issuing our payslips, however it's my confidential data that Kashflow are ultimately responsible for securing.


Please could you look to implement a robust 2FA solution?

  • Guest
  • Jan 21 2021
  • Acknowledged
  • Attach files
  • Paul Davison commented
    21 Aug 11:12

    Any updates to the lack of MFA on Kashflow? We'll be leaving you if this is not enabled soon. Plus a whole load of other clients at our accountants.

  • Danny Turnock commented
    11 Jan 14:46

    Are there any updates to this, we are in the same siuation trying to pass CE and then CE Plus and without 2FA/MFA we will need to find another cloud soltiuon? Thanks

  • Martin Levoir commented
    August 17, 2023 16:42

    The need for 2FA / MFA is now urgent. Cyber Essentials Plus is now mandatory in many supply chains and for 2023 this requires MFA on all cloud based services. If it is a choice of losing key customers or changing accounting system then many of your customers will move to Xero or similar. Please prioritise and communicate that this is being implemented as the time for having to change system is very close.

    Key Cyber Essentials Plus Changes for 2023

    MFA Requirements for Cloud Services: One of the most significant changes to the scheme is that multi-factor authentication (MFA) is now required for all users across all cloud services.

    Customer Requirements: Cyber Essential Plus is becoming more commonly mandated in the supply chains of both public and private sector organisations and it demonstrates your commitment to good cyber security practices.


  • Chris Howland commented
    May 09, 2023 13:46

    So, is 2FA now available in Kashflow? I can't see it in any of the options and for a finance product this is pretty much an essential requirement.

  • James Bisset commented
    January 27, 2022 16:48

    As a brand new Kashflow client working in the IT Security sector, can I strongly suggest that this request is bumped high up on the backlog agenda.

    With the EU SCA Directive for finance systems in force, there's a strong compliance objective to have this in place. Memorable words as secondary passwords are no longer sufficiently secure and time based one time passcodes (TOTPs) such as provided by various authenticator apps are more secure and more convenient.

    This really should be a high priority to implement.

  • Guest commented
    December 22, 2021 23:12
    Hi, it's been nearly a year since my request for 2FA and 6 months since the comment by Leanne that it's on your 'to-do' list. Any gavin on 2FA being implemented to better secure customer data?
  • Stuart commented
    November 02, 2021 20:09

    2FA is very important. fido2 is an open standard.

    Yubikeys (Which also support fido2) are good for enterprise use. Very convenient too.


    Being dyslexic I cant tell you how frustrating the existing "enter character x" is.

  • Leanne Oxley-Hold commented
    June 07, 2021 15:30

    Good Afternoon,

    Thank you for taking the time to send us your feedback.
    Id like to reassure you that this is in our backlog to be looked into and we will update you once this is implemented.
    I can only apologise if you have been given the incorrect information previously and will feed this back through the necessary channels

    Regards

    Leanne