The Australian Tax Office (ATO) has recently updated its security regulations in response to the increasing number of cybersecurity threats. To ensure tighter security measures, all users will now be required to authenticate their login at least once every 24 hours. These regulations apply to all software solutions interacting with the ATO, including Saasu.
It is imperative that we promptly implement the required adjustments to guarantee adherence and provide a safe online platform for our customers.
Changes to MFA
The current “Trust this device for 30 days” checkbox will be removed. Instead, devices will be trusted for 24 hours by default before authentication is required again.
We will soon be introducing a new option to set up MFA using the Google Authenticator app, to make logging in easier for those who have trouble receiving authentication codes via email or SMS.
Changes to Session Timeout
A further aspect of the MFA changes relates to the inactive session timeout (time spent logged in to Saasu without performing any actions in the browser). Currently, you can be inactive on a page for up to 3 hours before the system prompts you to log in again. However, as advised by the ATO, this will be shortened to 30 minutes.
We are currently investigating the best ways to comply without causing too much disruption to the user experience.
This will be a multi-phased update, where changes will be rolled out progressively over the coming weeks.