Password and MFA Requirements for QBO Users

Good afternoon, @justonwo. 

Thanks for hopping into the Community with your question about passwords and MFA requirements for your users. 

When your team (users) creates a password, they'll need to have these requirements to save the information successfully: 

Combo of:

• Letters
• Numbers
• Special Characters

It must be at least eight characters long as well. This is already set for all users by our system. 

With QuickBooks, MFA is a one-time confirmation code through your email or mobile device when you try to log in. MFA is default to ON. However, you can choose to set up two-step verification for each user as another option. 

To see which would be best for your business and other details, review this guide: Verify your QuickBooks Online account with mult-factor authentication or two-step verification. 

Don't hesitate to come back if you have any further questions about passwords or MFA. I'm always here to lend a helping hand. Bye for now! 

I see that I can turn on two-step authentication for myself. Thanks for that.

However, can I make it a policy for the users in my QBO file that they must also set up two-step authentication? I would like to ensure that all my users have to verify every time they sign in. Thanks in advance for the help.

Thank you for getting back to us, justonwo.

I can see how it would make the account more secure if users can also set up two-step verification.

As of now, the two-steps verification is available if you're the Master or Company Admin of the account. It is designed this way, since you can access all the information of the business..

You can also pin this article that has topics that helps manage your QuickBooks account: QuickBooks Community.

I'll be around whenever you have concerns with your account. I'll be happy to help you out.

Am I reading this right?  For our Quickbooks Online Advanced users, there is no way to set policy to require all users to set up MFA?  And this is an accounting application?

Welcome to the Community, @MiMojo.

Intuit is dedicated to securing your information with advanced security tools and systems to protect your account. 

You don't need to set anything up for MFA since it's automatically enabled for you. Upon logging in, a one-time confirmation code will be sent to your email or mobile device for additional security.

Additionally, multi-factor authentication can’t be turned off. It is a security feature that helps us safeguard your data and ensure that the person accessing the account is you. 

I hope this clears up any confusion on your end. 

Here's an article that can help you keep your information safe: Privacy and security in QuickBooks.

Feel free to leave a comment below if you have any other concerns related to QBO. We're just a post away.

This is a load of crap! I just brought this up at work (where we use QBO Accountant and have access to all our clients' bookkeeping as well) and nobody's 2FA was turned on! Each of us had to turn it on manually and set it up even though we have all been using our accounts for some time. This means any employee who is a little annoyed by the extra step can easily just shut it off again. An accountant with access to client's bookkeeping can set up new employees in payroll, change accounts where customer payments are deposited, and add new vendors for EFT payments. You can see how easy it would be, if the accountant's login was compromised, for the hacker to steal money from LITERALLY EVERY CLIENT that accountant has! This could ruin an entire practice. The admin of an accounting firm using QBO to access client bookkeeping should be able to FORCE all users to use 2FA. There should be no way to turn it off or operate without it, aside from maybe specific PCs being trusted. How is this not part of user setup? 

I heard your sentiments about reinforcing multi-factor authentication or two-step verification to your clients in QuickBooks Online Accountant (QBOA), crystal. I’d also think the same if I were to manage multiple clients' books.

You’re right that reinforcing this would be safer for your customers to safeguard their accounts and other confidential information. Multi-factor authentication is a security enhancement on top of the usual password requirement. 

Turning on two-step verification is optional set by QuickBooks to give users a choice to add another level of security for their accounts. Thus, customers can manually turn them on if they opt to. If you prefer to reinforce this to everyone, you can utilize a third-party application or set this within your email provider to prevent fraud from accessing your account and your clients.

Feel free to visit this article to learn more about the feature: Verify your Intuit Account with multi-factor authentication or two-step verification.

I am always available to help you with securing your QuickBooks account and managing transactions.

We all know all about how to turn on 2 factor auth. However, this leaves open the ability for employees to simply turn theirs off if it annoys them. Why is it difficult to understand that accounting firms using QBO should be able to force 2FA on employees to ensure safety of their clients' accounts? It's actually mind-blowing that this isn't available.