Help us improve

Implementation of 2 Factor Authentication for logging in to view payslips

I spoke with Anneli on the support chat today and was told that currently 2FA is not an option when logging into Kashflow to see my payslips. Anneli also mentioned that this is currently not even on the development roadmap.

In the current climate and with ever-increasing attacks our our personal data and digital security it's surprising that this isn't already a feature, let alone that it doesn't even appear to be under consideration.

Given the amount of highly confidential information contained on our payslips I would strongly recommend that some form of 2FA (through something like Google Authenticator etc, not one using text messages which are themselves insecure) be implemented in order to provide a greater level of data security.

It was my employer that chose Kashflow for issuing our payslips, however it's my confidential data that Kashflow are ultimately responsible for securing.


Please could you look to implement a robust 2FA solution?

  • Guest
  • Jan 21 2021
  • Acknowledged
  • Attach files
  • James Bisset commented
    27 Jan 04:48pm

    As a brand new Kashflow client working in the IT Security sector, can I strongly suggest that this request is bumped high up on the backlog agenda.

    With the EU SCA Directive for finance systems in force, there's a strong compliance objective to have this in place. Memorable words as secondary passwords are no longer sufficiently secure and time based one time passcodes (TOTPs) such as provided by various authenticator apps are more secure and more convenient.

    This really should be a high priority to implement.

  • Guest commented
    22 Dec, 2021 11:12pm
    Hi, it's been nearly a year since my request for 2FA and 6 months since the comment by Leanne that it's on your 'to-do' list. Any gavin on 2FA being implemented to better secure customer data?
  • Stuart commented
    2 Nov, 2021 08:09pm

    2FA is very important. fido2 is an open standard.

    Yubikeys (Which also support fido2) are good for enterprise use. Very convenient too.


    Being dyslexic I cant tell you how frustrating the existing "enter character x" is.

  • Admin
    Leanne Oxley-Hold commented
    7 Jun, 2021 03:30pm

    Good Afternoon,

    Thank you for taking the time to send us your feedback.
    Id like to reassure you that this is in our backlog to be looked into and we will update you once this is implemented.
    I can only apologise if you have been given the incorrect information previously and will feed this back through the necessary channels

    Regards

    Leanne