cancel
Showing results for 
Search instead for 
Did you mean: 
justonwo
Level 3

Password and MFA Requirements for QBO Users

Is it possible to set up requirements for QBO users on my team to meet certain password requirements and to force them to use MFA?

12 Comments 12
Candice C
QuickBooks Team

Password and MFA Requirements for QBO Users

Good afternoon, @justonwo

 

Thanks for hopping into the Community with your question about passwords and MFA requirements for your users. 

 

When your team (users) creates a password, they'll need to have these requirements to save the information successfully: 

 

Combo of:

 

  • Letters
  • Numbers
  • Special Characters

 

It must be at least eight characters long as well. This is already set for all users by our system. 

 

With QuickBooks, MFA is a one-time confirmation code through your email or mobile device when you try to log in. MFA is default to ON. However, you can choose to set up two-step verification for each user as another option. 

 

To see which would be best for your business and other details, review this guide: Verify your QuickBooks Online account with mult-factor authentication or two-step verification

 

Don't hesitate to come back if you have any further questions about passwords or MFA. I'm always here to lend a helping hand. Bye for now! 

justonwo
Level 3

Password and MFA Requirements for QBO Users

I see that I can turn on two-step authentication for myself. Thanks for that.

 

However, can I make it a policy for the users in my QBO file that they must also set up two-step authentication? I would like to ensure that all my users have to verify every time they sign in. Thanks in advance for the help.

Adrian_A
Moderator

Password and MFA Requirements for QBO Users

Thank you for getting back to us, justonwo.

 

I can see how it would make the account more secure if users can also set up two-step verification.

 

As of now, the two-steps verification is available if you're the Master or Company Admin of the account. It is designed this way, since you can access all the information of the business..

 

You can also pin this article that has topics that helps manage your QuickBooks account: QuickBooks Community.

 

I'll be around whenever you have concerns with your account. I'll be happy to help you out.

DohertyD
Level 1

Password and MFA Requirements for QBO Users

Click the Security tab. Select Turn On to expand the Two-step verification section.You will be prompted to enter a phone number if you initially did not enter it during the setup of your account. Enter the number you want to use to verify the account and select Turn on text message verification.
 TellPopeyes
MiMojo
Level 1

Password and MFA Requirements for QBO Users

Am I reading this right?  For our Quickbooks Online Advanced users, there is no way to set policy to require all users to set up MFA?  And this is an accounting application?

JanbonN
QuickBooks Team

Password and MFA Requirements for QBO Users

Welcome to the Community, @MiMojo.

 

Intuit is dedicated to securing your information with advanced security tools and systems to protect your account. 

 

You don't need to set anything up for MFA since it's automatically enabled for you. Upon logging in, a one-time confirmation code will be sent to your email or mobile device for additional security.

 

Additionally, multi-factor authentication can’t be turned off. It is a security feature that helps us safeguard your data and ensure that the person accessing the account is you. 

 

I hope this clears up any confusion on your end. 

 

Here's an article that can help you keep your information safe: Privacy and security in QuickBooks.

 

Feel free to leave a comment below if you have any other concerns related to QBO. We're just a post away.

crystalcalliou
Level 2

Password and MFA Requirements for QBO Users

This is a load of crap! I just brought this up at work (where we use QBO Accountant and have access to all our clients' bookkeeping as well) and nobody's 2FA was turned on! Each of us had to turn it on manually and set it up even though we have all been using our accounts for some time. This means any employee who is a little annoyed by the extra step can easily just shut it off again. An accountant with access to client's bookkeeping can set up new employees in payroll, change accounts where customer payments are deposited, and add new vendors for EFT payments. You can see how easy it would be, if the accountant's login was compromised, for the hacker to steal money from LITERALLY EVERY CLIENT that accountant has! This could ruin an entire practice. The admin of an accounting firm using QBO to access client bookkeeping should be able to FORCE all users to use 2FA. There should be no way to turn it off or operate without it, aside from maybe specific PCs being trusted. How is this not part of user setup? 

RoseJillB
QuickBooks Team

Password and MFA Requirements for QBO Users

I heard your sentiments about reinforcing multi-factor authentication or two-step verification to your clients in QuickBooks Online Accountant (QBOA), crystal. I’d also think the same if I were to manage multiple clients' books.

 

You’re right that reinforcing this would be safer for your customers to safeguard their accounts and other confidential information. Multi-factor authentication is a security enhancement on top of the usual password requirement. 

 

Turning on two-step verification is optional set by QuickBooks to give users a choice to add another level of security for their accounts. Thus, customers can manually turn them on if they opt to. If you prefer to reinforce this to everyone, you can utilize a third-party application or set this within your email provider to prevent fraud from accessing your account and your clients.

 

Feel free to visit this article to learn more about the feature: Verify your Intuit Account with multi-factor authentication or two-step verification.

 

I am always available to help you with securing your QuickBooks account and managing transactions.

crystalcalliou
Level 2

Password and MFA Requirements for QBO Users

We all know all about how to turn on 2 factor auth. However, this leaves open the ability for employees to simply turn theirs off if it annoys them. Why is it difficult to understand that accounting firms using QBO should be able to force 2FA on employees to ensure safety of their clients' accounts? It's actually mind-blowing that this isn't available. 

Matt264
Level 2

Password and MFA Requirements for QBO Users

@RoseJillB @JanbonN 

Has there been any updates on this issue? I view this as a massive security weakness in QBO software if admins cannot set a policy requiring all users to use Multi-Factor Authentication. How are any companies running QBO software able to prove to their Insurance Providers that they're security compliant if they cannot show their employees have MFA enabled?

AntoniettaE
QuickBooks Team

Password and MFA Requirements for QBO Users

We truly appreciate your attention to security and your commitment to maintaining compliance standards, @Matt264. I’ll ensure your insights are forwarded to our dedicated product development team as they evaluate potential enhancements moving forward.

 

Currently, the ability to toggle multi-factor authentication (MFA) for users on or off at will is unavailable. It is enabled by default to safeguard your data and ensure account access is limited strictly to authorized users. 

 

As an alternative, you can encourage users to enable their MFA to secure their account and prevent lockout with an extra verification method.

 

I'd recommend sending a feature request to our Product Development Team. This way, they can reevaluate your suggestion and consider it in the future.

 

Here's how:

 

  1. Hit the Gear icon at the top, then select Feedback.
  2. Type in your product suggestions.
  3. Click Next to submit feedback.

 

To keep track of your requests, visit our Customer Feedback page.

 

I'll also attach a resource to help you maintain your information securely and enhance privacy.

 

Thank you for your proactive approach in the Community. Your participation helps us improve. If you need further assistance with MFA or any other queries, feel free to reach out. We’re here to help!

Matt264
Level 2

Password and MFA Requirements for QBO Users

@AntoniettaEThank you for confirming that this feature of allowing admins to require MFA is not yet available. I have submitted a feature request as suggested and will follow-up on the sister thread with any updates that I hear.

 

https://quickbooks.intuit.com/learn-support/en-us/install/re-require-2fa-for-all-quickbook-online-us...

 

Sign in for expert help
Ask questions, post replies & join our community of QuickBooks users.

Need to get in touch?

Contact us