As suggested by QuickBooks staff in other posts, I've submitted a formal feature request. I'm sharing the details here for community visibility and to gather additional support and feedback.
Key features requested:
- Enforce MFA at the company level: This is essential for baseline security and compliance.
- Official policy on accountant MFA: We need reassurance that all external accountants accessing our data are also using strong MFA.
- Reporting/alerts for users without MFA: At the very least, we need a way to monitor and be alerted about users without MFA enabled.
- 3rd party identity provider integration: As a potential alternative approach, consider supporting integration with providers like Microsoft Entra ID that already offer robust MFA, customers could then choose to disable the single-factor Intuit account logins.
- Remove SMS-based MFA, add hardware keys: SMS-based MFA is vulnerable; we need more secure options.
Community, please share your thoughts and experiences. Let's make our voices heard!
