I spoke with Anneli on the support chat today and was told that currently 2FA is not an option when logging into Kashflow to see my payslips. Anneli also mentioned that this is currently not even on the development roadmap.
In the current climate and with ever-increasing attacks our our personal data and digital security it's surprising that this isn't already a feature, let alone that it doesn't even appear to be under consideration.
Given the amount of highly confidential information contained on our payslips I would strongly recommend that some form of 2FA (through something like Google Authenticator etc, not one using text messages which are themselves insecure) be implemented in order to provide a greater level of data security.
It was my employer that chose Kashflow for issuing our payslips, however it's my confidential data that Kashflow are ultimately responsible for securing.
Please could you look to implement a robust 2FA solution?
Guest
The need for 2FA / MFA is now urgent. Cyber Essentials Plus is now mandatory in many supply chains and for 2023 this requires MFA on all cloud based services. If it is a choice of losing key customers or changing accounting system then many of your customers will move to Xero or similar. Please prioritise and communicate that this is being implemented as the time for having to change system is very close.
Key Cyber Essentials Plus Changes for 2023
MFA Requirements for Cloud Services: One of the most significant changes to the scheme is that multi-factor authentication (MFA) is now required for all users across all cloud services.
Customer Requirements: Cyber Essential Plus is becoming more commonly mandated in the supply chains of both public and private sector organisations and it demonstrates your commitment to good cyber security practices.
Attachments Open full size
So, is 2FA now available in Kashflow? I can't see it in any of the options and for a finance product this is pretty much an essential requirement.
Attachments Open full size
As a brand new Kashflow client working in the IT Security sector, can I strongly suggest that this request is bumped high up on the backlog agenda.
With the EU SCA Directive for finance systems in force, there's a strong compliance objective to have this in place. Memorable words as secondary passwords are no longer sufficiently secure and time based one time passcodes (TOTPs) such as provided by various authenticator apps are more secure and more convenient.
This really should be a high priority to implement.
Attachments Open full size
Attachments Open full size
2FA is very important. fido2 is an open standard.
Yubikeys (Which also support fido2) are good for enterprise use. Very convenient too.
Being dyslexic I cant tell you how frustrating the existing "enter character x" is.
Attachments Open full size
Good Afternoon,
Thank you for taking the time to send us your feedback.
Id like to reassure you that this is in our backlog to be looked into and we will update you once this is implemented.
I can only apologise if you have been given the incorrect information previously and will feed this back through the necessary channels
Regards
Leanne
Attachments Open full size