How secure am I when working from home?

As security measures from your office are different to working at home, you may be wondering how safe and secure you are when working from home to ensure that your work is not compromised.

Please note: it's the responsibility of your IT team to implement policies around employee devices, including approving devices and unauthorised access. For any queries, please refer to your IT administrator.

Why is a 2 Step Authenticator Code (2SA) not required for FYI?

Software that holds Tax File Numbers (TFN) requires a 2 Step Authenticator Code (2SA).

The reason why it is not the case for FYI is we do not hold the TFN - the TFN from Xero Tax is encrypted in our system. In terms of Tax Assessments Automation, the TFN is also not available within FYI. A copy of the Tax Assessments is recreated based on merge fields without the TFN for this reason.

FYI leverages the authentication of Microsoft 365, which means the application of 2SA is outside our control. However, your practice can (and we recommend this) enforce 2SA across all users from within Microsoft 365 Admin. For instructions, refer to the Microsoft article Set up multifactor authentication for Microsoft 365.

How can I stop Microsoft 365 from remembering my password?

Once logged into any Microsoft account (such as Outlook - which generally doesn't hold critical info), FYI automatically logs me in and no password is required. 

Use the following step to prevent Microsoft 365 from remembering your password:

  • Open Office.com in a separate tab of the browser session.
  • Select sign out and close the entire browser session (that is, close the browser altogether)
  • Open the browser again and open Office.com
  • On the Home page, select Forget this account.
  • When prompted "Stay signed in?", click No. If you prefer, also checkmark "Don't show this again".

Note: It is also best practice that Office.com or go.fyi.app is always logged out at the end of each session.

Another setting to increase the security of FYI is to reduce the default timeout time if users leave FYI inactive for a period of time. The default is 8 hours of inactive time before login times out. Users will be automatically logged out and prompted to log in again in order to continue using FYI. This timeout can be changed for your practice for all users by FYI Admin. Refer to Managing Practice Settings.

Was this article helpful?
0 out of 0 found this helpful