Help us improve

Implementation of 2 Factor Authentication for logging in to view payslips

I spoke with Anneli on the support chat today and was told that currently 2FA is not an option when logging into Kashflow to see my payslips. Anneli also mentioned that this is currently not even on the development roadmap.

In the current climate and with ever-increasing attacks our our personal data and digital security it's surprising that this isn't already a feature, let alone that it doesn't even appear to be under consideration.

Given the amount of highly confidential information contained on our payslips I would strongly recommend that some form of 2FA (through something like Google Authenticator etc, not one using text messages which are themselves insecure) be implemented in order to provide a greater level of data security.

It was my employer that chose Kashflow for issuing our payslips, however it's my confidential data that Kashflow are ultimately responsible for securing.

Please could you look to implement a robust 2FA solution?

  • Guest
  • Jan 21 2021
  • Acknowledged
  • Attach files
  • Danny Turnock commented
    11 Jan 02:46pm

    Are there any updates to this, we are in the same siuation trying to pass CE and then CE Plus and without 2FA/MFA we will need to find another cloud soltiuon? Thanks

  • Martin Levoir commented
    17 Aug, 2023 04:42pm

    The need for 2FA / MFA is now urgent. Cyber Essentials Plus is now mandatory in many supply chains and for 2023 this requires MFA on all cloud based services. If it is a choice of losing key customers or changing accounting system then many of your customers will move to Xero or similar. Please prioritise and communicate that this is being implemented as the time for having to change system is very close.

    Key Cyber Essentials Plus Changes for 2023

    MFA Requirements for Cloud Services: One of the most significant changes to the scheme is that multi-factor authentication (MFA) is now required for all users across all cloud services.

    Customer Requirements: Cyber Essential Plus is becoming more commonly mandated in the supply chains of both public and private sector organisations and it demonstrates your commitment to good cyber security practices.

  • Chris Howland commented
    9 May, 2023 01:46pm

    So, is 2FA now available in Kashflow? I can't see it in any of the options and for a finance product this is pretty much an essential requirement.

  • James Bisset commented
    27 Jan, 2022 04:48pm

    As a brand new Kashflow client working in the IT Security sector, can I strongly suggest that this request is bumped high up on the backlog agenda.

    With the EU SCA Directive for finance systems in force, there's a strong compliance objective to have this in place. Memorable words as secondary passwords are no longer sufficiently secure and time based one time passcodes (TOTPs) such as provided by various authenticator apps are more secure and more convenient.

    This really should be a high priority to implement.

  • Guest commented
    22 Dec, 2021 11:12pm
    Hi, it's been nearly a year since my request for 2FA and 6 months since the comment by Leanne that it's on your 'to-do' list. Any gavin on 2FA being implemented to better secure customer data?
  • Stuart commented
    2 Nov, 2021 08:09pm

    2FA is very important. fido2 is an open standard.

    Yubikeys (Which also support fido2) are good for enterprise use. Very convenient too.

    Being dyslexic I cant tell you how frustrating the existing "enter character x" is.

  • Leanne Oxley-Hold commented
    7 Jun, 2021 03:30pm

    Good Afternoon,

    Thank you for taking the time to send us your feedback.
    Id like to reassure you that this is in our backlog to be looked into and we will update you once this is implemented.
    I can only apologise if you have been given the incorrect information previously and will feed this back through the necessary channels