Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Is it possible to set up requirements for QBO users on my team to meet certain password requirements and to force them to use MFA?
Good afternoon, @justonwo.
Thanks for hopping into the Community with your question about passwords and MFA requirements for your users.
When your team (users) creates a password, they'll need to have these requirements to save the information successfully:
Combo of:
It must be at least eight characters long as well. This is already set for all users by our system.
With QuickBooks, MFA is a one-time confirmation code through your email or mobile device when you try to log in. MFA is default to ON. However, you can choose to set up two-step verification for each user as another option.
To see which would be best for your business and other details, review this guide: Verify your QuickBooks Online account with mult-factor authentication or two-step verification.
Don't hesitate to come back if you have any further questions about passwords or MFA. I'm always here to lend a helping hand. Bye for now!
I see that I can turn on two-step authentication for myself. Thanks for that.
However, can I make it a policy for the users in my QBO file that they must also set up two-step authentication? I would like to ensure that all my users have to verify every time they sign in. Thanks in advance for the help.
Thank you for getting back to us, justonwo.
I can see how it would make the account more secure if users can also set up two-step verification.
As of now, the two-steps verification is available if you're the Master or Company Admin of the account. It is designed this way, since you can access all the information of the business..
You can also pin this article that has topics that helps manage your QuickBooks account: QuickBooks Community.
I'll be around whenever you have concerns with your account. I'll be happy to help you out.
Am I reading this right? For our Quickbooks Online Advanced users, there is no way to set policy to require all users to set up MFA? And this is an accounting application?
Welcome to the Community, @MiMojo.
Intuit is dedicated to securing your information with advanced security tools and systems to protect your account.
You don't need to set anything up for MFA since it's automatically enabled for you. Upon logging in, a one-time confirmation code will be sent to your email or mobile device for additional security.
Additionally, multi-factor authentication can’t be turned off. It is a security feature that helps us safeguard your data and ensure that the person accessing the account is you.
I hope this clears up any confusion on your end.
Here's an article that can help you keep your information safe: Privacy and security in QuickBooks.
Feel free to leave a comment below if you have any other concerns related to QBO. We're just a post away.
This is a load of crap! I just brought this up at work (where we use QBO Accountant and have access to all our clients' bookkeeping as well) and nobody's 2FA was turned on! Each of us had to turn it on manually and set it up even though we have all been using our accounts for some time. This means any employee who is a little annoyed by the extra step can easily just shut it off again. An accountant with access to client's bookkeeping can set up new employees in payroll, change accounts where customer payments are deposited, and add new vendors for EFT payments. You can see how easy it would be, if the accountant's login was compromised, for the hacker to steal money from LITERALLY EVERY CLIENT that accountant has! This could ruin an entire practice. The admin of an accounting firm using QBO to access client bookkeeping should be able to FORCE all users to use 2FA. There should be no way to turn it off or operate without it, aside from maybe specific PCs being trusted. How is this not part of user setup?
I heard your sentiments about reinforcing multi-factor authentication or two-step verification to your clients in QuickBooks Online Accountant (QBOA), crystal. I’d also think the same if I were to manage multiple clients' books.
You’re right that reinforcing this would be safer for your customers to safeguard their accounts and other confidential information. Multi-factor authentication is a security enhancement on top of the usual password requirement.
Turning on two-step verification is optional set by QuickBooks to give users a choice to add another level of security for their accounts. Thus, customers can manually turn them on if they opt to. If you prefer to reinforce this to everyone, you can utilize a third-party application or set this within your email provider to prevent fraud from accessing your account and your clients.
Feel free to visit this article to learn more about the feature: Verify your Intuit Account with multi-factor authentication or two-step verification.
I am always available to help you with securing your QuickBooks account and managing transactions.
We all know all about how to turn on 2 factor auth. However, this leaves open the ability for employees to simply turn theirs off if it annoys them. Why is it difficult to understand that accounting firms using QBO should be able to force 2FA on employees to ensure safety of their clients' accounts? It's actually mind-blowing that this isn't available.
Has there been any updates on this issue? I view this as a massive security weakness in QBO software if admins cannot set a policy requiring all users to use Multi-Factor Authentication. How are any companies running QBO software able to prove to their Insurance Providers that they're security compliant if they cannot show their employees have MFA enabled?
We truly appreciate your attention to security and your commitment to maintaining compliance standards, @Matt264. I’ll ensure your insights are forwarded to our dedicated product development team as they evaluate potential enhancements moving forward.
Currently, turning on/off the multi-factor authentication (MFA) for users as we wish is still unavailable. It is enabled by default to safeguard your data and ensure account access is limited strictly to authorized users.
As an alternative, you can let your user turn on their MFA to secure their account and prevent lockout with an extra verification method.
I'd recommend sending another feature request to our Product Development Team. This way, they can reevaluate your suggestion and consider it in the future.
Here's how:
To keep track of your requests, visit our Customer Feedback page.
I'll also attach a useful resource that can help you maintain your information securely and enhance privacy in all your activities.
Thank you for your proactive approach in the Community. Your participation helps us improve. If you need further assistance with MFA or any other queries, feel free to reach out. We’re here to help!
@AntoniettaEThank you for confirming that this feature of allowing admins to require MFA is not yet available. I have submitted a feature request as suggested and will follow-up on the sister thread with any updates that I hear.
You have clicked a link to a site outside of the QuickBooks or ProFile Communities. By clicking "Continue", you will leave the community and be taken to that site instead.
For more information visit our Security Center or to report suspicious websites you can contact us here