Finance, Security and Dual Authentication Part 1: What Is the Problem?Jamie Allen
What is the problem?
The emergence of cloud technology in recent times has led to an incredible number of advantages, such as improved accessibility and enabling efficient remote working … all of which have been invaluable. We have seen this in the accounting and finance world with systems such as Xero and there are thousands of other examples across various fields. (Banking, Social Media, Marketing, Business Operational Software, IT Operational systems, Mobile phones, you name it.) We now live in a cloud-based world whether we like it or not.
But whilst this shift has created innumerate benefits, it has also posed huge challenges around security. We have probably all encountered stories about someone’s account being hacked. For example, the ex-POTUS could not even escape the breach of his infamous Twitter account, and whilst this example might not have surprised many and the impact in this instance being minor, the consequences can prove to be far graver in many situations.
Now, whilst we are not an outsourced IT function, we do provide cloud solutions to businesses and accounting practices to help them automate financial processes and acquire real-time business insights. In doing so, we have a responsibility to make sure our systems and clients’ data are secure, and we take this very seriously. I am not saying that systems aren’t or haven’t been secure historically, but we are starting to see software providers up their game in this area and consequently, there must be room for improvement.
Only this week Xero released a notification they will be introducing compulsory dual authentication for access to their system. It is a completely logical and sensible solution to make their system more secure. But this solution in itself creates a problem in the accounting world and generally. One of the main queries we get from users is “I have forgotten my password”. With users now requiring an app on their phone to get a code and some clients not being tech-savvy, this could result in a huge number of queries if you don’t have a robust setup to deal with this.
My fear is that many accountants, and sorry to focus on this but it’s my area, are sleepwalking into these issues and will soon have a lot of questions and queries from clients which will take up a significant amount of time, not to mention it will be difficult to charge for. Many Integrations also rely on passwords so if those change, you could have several integrations and links between apps breaking, causing a lot of headaches and downtime.
This is also only an example of 1 system introducing these requirements; if every cloud system changes to require the use of an authentication app, like Google or Microsoft authenticator, this could create a lot of confusion with various systems and codes being in use, especially if you do not have a good way to organise this and communicate with clients. Imagine the below screenshot with a line and code for every single system in use by your business. Say you lose your phone, leave it at home or don’t have a charger, it could mean you lose a whole day of work.
There really is an opportunity here for accountants to differentiate themselves and help their clients stay secure, whilst also improving their service offering. The good news is, we have the solution to help them. Stay tuned to our next part to find out how.