Following an internal review of security practices within BBS Accounting, it has been discovered that a recent change to the Australian Taxation Office security requirements requires us to enforce multi-factor authentication (also known as MFA, or 2FA for two-factor authentication) for all users who have access to Taxation, Accounting, Payroll and Superannuation related information. Below is an excerpt from the data security requirements framework for Digital Service Providers from the ATO website.
To this end, BBS has developed an MFA process for users who log in to BBS Accounting with the above-mentioned access. These users will use an authenticator app such as Microsoft Authenticator or Google Authenticator on their mobile device to receive a one-time password in order to gain access to the system. Users will only be required to enter the one-time password once per 8-hour period unless they log in again from a different device.
Users who do not have access to Taxation, Accounting, Payroll or Superannuation related information, such as sales reps, customer service staff, warehouse staff and POS logins, will not require MFA to access BBS; however, it can be enabled if desired.
For companies that are currently receiving an SMS message with a one-time password in order to gain access to the payroll module, the new MFA process, which will be enforced at the BBS login screen, will replace this requirement, so the SMS one-time password will no longer be necessary.
Over the next few months, BBS staff will work with business owners and system managers to progressively on-board each of your users identified as requiring MFA.
While we understand that multi-factor authentication can be inconvenient, and we sympathise, given recent events it has to be agreed that the security of your critical business data is of the utmost importance, and therefore all steps that can be taken to protect the data should be taken.