Table of Contents

MFA (Multi-Factor Authentication) in Reckon Accounts Hosted

Effective 15th May 2024, Multi-Factor Authentication (MFA) will be mandatory for enhanced security, ensuring that only authorised access is granted and protects your account from cybersecurity threats.

We strongly encourage you to enable MFA now to secure your account and avoid disruptions in accessing data to avoid disrupted access.

This mandate is part of the Digital Service Provider Operational Security Framework requirements, which recognise that MFA is one of the most effective ways to protect your data.

What is MFA?

Multi-Factor Authentication (MFA) is a security method that requires the user to prove their identity using two or more methods to gain access to a resource, such as an application or online account.



Why is MFA important?

MFA offers significantly better security and protection over your data.

All of Reckon services requires this security method. For example, setting up MFA for Reckon Accounts Hosted will also enable MFA for Reckon Portal using the same authentication method and vice versa.



How to enable MFA in Reckon Accounts Hosted

Before 15th May 2024

  1. Log into Reckon Accounts Hosted
  2. On the right-hand side, click on Login Security Settings (MFA) under the Useful Links menu.

  1. If MFA is currently not enabled on your account, the MFA Status will display NOT ENABLED
  2. Click on SETUP MFA to enable MFA on your account.


  1. You can now choose to set up MFA using an Authenticator app or a Device (your phone)
It is recommended to use an Authenticator App as opposed to a mobile number. This will reduce issues relating to using Australian numbers, roaming, and SMS Code received duration.


On or after 15th May 2024

  1. Log into Reckon Accounts Hosted
    1. For new users, log in using your Hosted User ID. Then, a prompt to create a new Username will be displayed. Enter a valid Username, then click Continue.
    2. Proceed to the next step for existing users.
  2. The following dialogue will appear if you have not set up MFA:
    1. Next — proceeds in MFA setup.
    2. Cancel — return to the login page.
    3. Help icon ('?') — navigates to this help article.


  1. Click Next
  2. You can now choose to set up MFA using an Authenticator app or a Device (your phone). See Authentication methods for the next steps.
It is recommended to use an Authenticator App as opposed to a mobile number. This will reduce issues relating to using Australian numbers, roaming, and SMS Code received duration.


Reckon Portal accounts linked with Accounts Hosted

The same MFA authenticator method will be used for both Reckon Accounts Hosted and Reckon Portal.

If you have enabled MFA for your Reckon Portal account, and it is linked with a Reckon Accounts Hosted account, then you would simply need to enable MFA on the Reckon Accounts Hosted site.

Before 15th May 2024 or when Reckon Portal was setup first but users is already logged on
  1. Log into Reckon Accounts Hosted
  2. On the right-hand side, click on Login Security Settings (MFA) under the Useful Links menu.
  3. Click on ENABLE MFA and a set-up successful dialogue will be displayed. You will be MFA challenged on your next log in attempt.


On or after 15th May 2024
  1. Log into Reckon Accounts Hosted
  2. The following dialogue will appear if you have set up MFA in Reckon Portal:
    1. Enable — enables MFA for Hosted using the same authentication method in Portal.
    2. Cancel — return to the login page.
    3. Help icon ('?') — navigates to this Help article.

  1. Click on Enable and an enable successful dialogue will be displayed



Authentication methods

To set up MFA with an Authenticator App

  1. Install an Authenticator app on your device:
    1. Google Play link
    2. App Store for iOS users


  1. Open the Authenticator App and scan the QR Code that appears onscreen.
  2. Enter the code that appears in your Authenticator app onto the Step 3 of the MFA dialogue.


To set up MFA with a mobile device

Hosted AU and NZ can recognise local numbers without the addition of the Country code prefix.
The Resend Code option will be available once the Send Code is actioned.

A request for a new code will be available every 30 seconds. The SMS option will always have a link to resend.
  1. From the Authenticate App option, click on I want to use my mobile number instead link below.
  2. Enter the mobile number you want to receive verification codes to and click Send Code
  3. This will generate a new unique verification code that will be sent to the nominated mobile number. This may take up to two minutes to arrive, depending on your mobile phone provider.
  4. Enter the Code once received and click Confirm Code

After setting up MFA with any authentication method, your Recovery Pin will be displayed on screen. Ensure you record this pin in a safe location, as it can be used to disable MFA in the event you lose access to your device.

The 'Close' button will be updated to 'Continue' if setup is performed after login on 15th May 2024.


To set up MFA with an Extension/Add-on

See the following article on a possible extension that you can use for your browser: Adding MFA via Chrome extension alternative to smartphone



MFA Page

After setting up your MFA, the Login Security Settings (MFA) page will be updated.

The MFA Status will now display as ENABLED, and shows the linked authentication method, whether via an authenticator app or a device.

There will also be three new buttons available:

  1. REVOKE MFA — to remove the MFA authentication for the Hosted account.
  2. VIEW NUMBER — to view the mobile number used for authentication when using SMS option.
  3. GET PIN — to view the Recovery PIN.


Get Pin

After enabling MFA, you are provided with a Recovery Pin. If you are unable to get pass the MFA challenge for any reason, you can still access Reckon Accounts Hosted using this Recovery Pin.

To view your Recovery Pin:

  1. Log into Reckon Accounts Hosted
  2. Click Login Security Details (MFA)
  3. Click GET PIN
  4. Enter the code from your Authenticator app or the one received via SMS and click Continue.


  1. Then, it will display your Recovery Pin.


View Number

This option is only available for the SMS authentication method via a mobile device to view the mobile number used to set up MFA.

  1. Click Login Security Details (MFA)
  2. Click on VIEW NUMBER
  3. This will have two options:
    1. Cancel — retain the mobile number and closes the dialogue.
    2. Change — revokes the MFA and starts over the MFA setup.


Change the mobile number
Changing the mobile number will first revoke your MFA setup to allow you to set up a new mobile number.
  1. Click on Change
  2. Enter the code received via SMS and click Continue.
  3. Repeat the steps from To set up MFA with a mobile device.


Revoke MFA

Using Control Panel as the Owner


Using Revoke MFA option
MFA will be made mandatory by the 15th May 2024 for each Reckon Accounts Hosted user. It is highly recommended that you set up MFA as early as possible to avoid disrupted access.
  1. Log into Reckon Accounts Hosted
  2. Click Login Security Details (MFA), your MFA Status will be ENABLED
  3. Click REVOKE MFA


  1. By default, it is set to MFA Code. Enter the code displayed on the Authenticator app or received via SMS to the nominated mobile number. Otherwise, use the Recovery PIN.
  2. Then, click Continue.
  3. A successful dialogue will appear to confirm the disabling of the MFA.



Logging into Reckon Accounts Hosted

— You will then be required to MFA once every 24 hours on each device.
— You will have to wait one hour if you fail to enter the correct code after the 5th attempt.

Log in using Security Code

  1. Login to Reckon Accounts Hosted
  2. To continue to your Dashboard, enter the code from your Authenticator app or one received via SMS and click Continue.


Log in using Recovery Pin

Using the Recovery Pin will revoke your MFA setup when used during MFA challenges, requiring you to enable it again before you can access your Dashboard after log in.

Failure to enter the correct code would lock your account after the 5th attempt, and you must call Technical Support.
  1. After login, when the MFA challenge is displayed, click the link on “Lost your device? Click here to enter your Recovery Pin.”.
  2. Enter the Recovery Pin that was provided when enabling MFA
  3. Click Continue

  1. On the right-hand side of the Dashboard, click on Login Security Settings (MFA) under the Useful Links menu.
  2. Follow the steps from Authentication methods.



Need more help?

Ask the Reckon Community at: https://community.reckon.com/categories/accountshosted

Or

Log a Support Ticket: https://www.reckon.com/au/support/





How did we do?

How to revoke Multi-Factor Authentication (MFA) for users

Related Articles

Powered by HelpDocs (opens in a new tab)

Powered by HelpDocs (opens in a new tab)