Better password security standards
At MYOB, we understand the vital role passwords play in safeguarding your user accounts and the confidentiality of your information. Ensuring your passwords are secure is critical to prevent unauthorised access to your MYOB Advanced site.
That’s why, with the release of MYOB Advanced version 2023.1.3 (available 22 March 2024, deployed May 2024), we are introducing enhanced password security standards. These standards comply with the latest recommendations from regulatory organisations.
Who is affected
These changes only affect you if you sign in with a username and password, not if you use secure authentication.
The MYOB Advanced sign-in page will also have a new look in version 2023.1.3. To see what’s changed, check the release notes.
What happens if you’re affected
If your current password doesn’t already meet the enhanced complexity requirements and hasn't been updated recently, you’ll need to set a new, complex password before you can log in.
You’ll know you’re affected if you see New Password and Confirm Password fields after trying to sign in with your current password.
What settings are changing
We’ve updated the default settings on the Security Preferences (SM201060) and Users (SM201010) screens.
If your site’s settings don’t already meet the enhanced standards, then upgrading to 2023.1.3 will automatically update your settings. The enhanced standards apply to existing users and to any new users you add.
You can’t disable the enhanced standards, even if you deselect the Password Must Meet Complexity Requirements checkbox. This checkbox will be removed in a future release.
Passwords must meet complexity requirements
The Password Must Meet Complexity Requirements checkbox is now automatically selected. Passwords must be at least 14 characters long and contain at least one upper-case letter (A to Z), one lower-case letter (a to z), and one number (0 to 9) or symbol (e.g., !#$%^).
Forcing users to change passwords
By default, user passwords now expire every 180 days. When a user's password expires, they’ll need to set a new one.
The Force User to Change Password Every field lets system administrators change how often users must change their passwords. The field can be set to any number between 7 and 365 days.
Additionally, on the Users screen (SM201010), the Password Never Expires checkbox is deselected, including for any users that previously had it selected. If a user previously had this checkbox selected, they might need to set a new password the next time they log in.
Some users, like those who are part of an integration or API, can still have the Password Never Expires checkbox manually selected.
FAQs
What if I forget my password?
The process for resetting a forgotten password is the same as it’s always been. On the sign-in page, click Forgot your credentials?.
You’ll receive a password reset email with a link, which takes you to a page where you can enter a new password.
How often will I have to change my password?
This depends on your company’s password expiry settings. To find out your company’s exact settings, reach out to your system administrator.
What if my site's password settings were already stronger than the new defaults?
If your site already met or surpassed the new standards, upgrading to 2023.1.3 won’t automatically change your site’s settings. But if you manually change your settings at some point, the new standards will still apply.
I got locked out of my account. What do I do?
If you get locked out of your account for entering the wrong password too many times, you have two options:
Wait until the lockout finishes. The length of the lockout depends on your company’s settings, but by default it’s 30 minutes.
Contact your system administrator, who can unlock your account without waiting for the lockout to end. They can also start the password reset process for you.