This is a load of crap! I just brought this up at work (where we use QBO Accountant and have access to all our clients' bookkeeping as well) and nobody's 2FA was turned on! Each of us had to turn it on manually and set it up even though we have all been using our accounts for some time. This means any employee who is a little annoyed by the extra step can easily just shut it off again. An accountant with access to client's bookkeeping can set up new employees in payroll, change accounts where customer payments are deposited, and add new vendors for EFT payments. You can see how easy it would be, if the accountant's login was compromised, for the hacker to steal money from LITERALLY EVERY CLIENT that accountant has! This could ruin an entire practice. The admin of an accounting firm using QBO to access client bookkeeping should be able to FORCE all users to use 2FA. There should be no way to turn it off or operate without it, aside from maybe specific PCs being trusted. How is this not part of user setup?
