StefKorson
Level 1

Urgent need: enforce MFA for all users - addressing a security risk

Hi QuickBooks team, we really need your attention on this critical security feature that remains unimplemented.

 

I'm sharing this as constructive criticism. In this community we all want to see QuickBooks continue to thrive and grow, hence why I think it's important to draw attention to this issue.

 

In 2024, it's becoming increasingly concerning that QuickBooks Online still doesn't allow us to enforce multi-factor authentication (MFA) for all company users. This is a major security risk, especially with the sensitive financial data we handle.

 

Previous posts requesting this feature date back to at least 2020 and the cybersecurity landscape has moved on significantly since then.

Not being able to enforce MFA makes it difficult to comply with basic security standards like UK Cyber Essentials.
The lack of this feature is putting our businesses at risk.


Can we please request an official update at least confirming where this feature is on the product roadmap? We really need visibility of when this will be resolved; it's becoming urgent now.

 

Thanks!

1 REPLY
StefKorson
Level 1

Urgent need: enforce MFA for all users - addressing a security risk

As suggested by QuickBooks staff in other posts, I've submitted a formal feature request. I'm sharing the details here for community visibility and to gather additional support and feedback.

 

Key features requested:

 

  • Enforce MFA at the company level: This is essential for baseline security and compliance.
  • Official policy on accountant MFA: We need reassurance that all external accountants accessing our data are also using strong MFA.
  • Reporting/alerts for users without MFA: At the very least, we need a way to monitor and be alerted about users without MFA enabled.
  • 3rd party identity provider integration: As a potential alternative approach, consider supporting integration with providers like Microsoft Entra ID that already offer robust MFA; customers could then choose to disable the single-factor Intuit account logins.
  • Remove SMS-based MFA, add hardware keys: SMS-based MFA is vulnerable; we need more secure options.

 

Community, please share your thoughts and experiences. Let's make our voices heard!
