I spoke with Anneli on the support chat today and was told that currently 2FA is not an option when logging into Kashflow to see my payslips. Anneli also mentioned that this is currently not even on the development roadmap.
In the current climate and with ever-increasing attacks our our personal data and digital security it's surprising that this isn't already a feature, let alone that it doesn't even appear to be under consideration.
Given the amount of highly confidential information contained on our payslips I would strongly recommend that some form of 2FA (through something like Google Authenticator etc, not one using text messages which are themselves insecure) be implemented in order to provide a greater level of data security.
It was my employer that chose Kashflow for issuing our payslips, however it's my confidential data that Kashflow are ultimately responsible for securing.
Please could you look to implement a robust 2FA solution?
As a brand new Kashflow client working in the IT Security sector, can I strongly suggest that this request is bumped high up on the backlog agenda.
With the EU SCA Directive for finance systems in force, there's a strong compliance objective to have this in place. Memorable words as secondary passwords are no longer sufficiently secure and time based one time passcodes (TOTPs) such as provided by various authenticator apps are more secure and more convenient.
This really should be a high priority to implement.
Attachments Open full size
Attachments Open full size
2FA is very important. fido2 is an open standard.
Yubikeys (Which also support fido2) are good for enterprise use. Very convenient too.
Being dyslexic I cant tell you how frustrating the existing "enter character x" is.
Attachments Open full size
Good Afternoon,
Thank you for taking the time to send us your feedback.
Id like to reassure you that this is in our backlog to be looked into and we will update you once this is implemented.
I can only apologise if you have been given the incorrect information previously and will feed this back through the necessary channels
Regards
Leanne
Attachments Open full size