Security is a subject that is discussed more and more frequently as we see more and more stories about data breaches in the world.
Unfortunately, there is no way to be 100% safe -- but you can tighten up your security to bring things closer to the 100% mark. One easy method is through something called "Two Factor Authentication" or 2FA.
You may have used 2FA with a banking website -- where you log in and then it sends you a text message with a code that you have to enter in order to get access to your banking data. This way, someone who has hacked your password will not be able to log into your banking website without having your phone (or a spoofed phone) and be able to receive the text-messaged code number.
With QuickBooks Online, you can use the text message way, or you can upgrade to an even more secure method of 2FA. This same system works on Google G-Suite accounts as well.
You'll have an App on your phone called Google Authenticator, which generates specially calculated codes that change every 30 seconds. In order to log into your account you'll have to open the app and type in the code number displayed, as well as your user name and password. It's very easy to open the app and grab the necessary code. It's much easier (and safer!!) than having a code texted to you and having to wait to receive it.
The app on my phone looks like this screenshot. I have three accounts linked to the Google Authenticator app: 2 QuickBooks accounts plus my Google G-Suite account. Any time I log into any of those accounts I open the app and type in the code number displayed.
When I log into my QuickBooks Account, I get the standard login screen first:
And after I enter the user name and password I immediately get a screen allowing me to put in the code number from my Google Authenticator application:
After that -- I'm into my QuickBooks account securely!
To set up this system on your QuickBooks account you need to log into Intuit's Account Center at https://accounts.intuit.com/index.html Use your normal QBO credentials to log in. Then scroll down to the Security section and you'll see what they call Two Step Verification. Click Edit and Turn it On. You'll then see a prompt to use Google Authenticator, like this:
Press the button to turn the app on. You'll then be presented with the steps to load the app and configure it. You'll be able to scan a barcode or enter a manual code -- scan the barcode it's easier!
Once you've done those 4 steps simply Verify and Close this window and exit from the Intuit Account settings. The next time you log into QuickBooks you'll be prompted to enter the code displayed in your Google Authenticator application.
As I said above, I also use this for my G-Suite account. Support for 2FA in Method:CRM is planned for 2019.
2FA can, and should, be set up for any of your accounts that contain confidential data.