Xero - beautiful accounting software

Xero Business Help Center

Xero Business Community

Community > Feature Requests >

Two Factor Authentication on Xero login

Started by David Loeffler -   in Feature Requests | In Next Release

I'd really like to see Xero introduce the option of two factor authentication as Google and Dropbox have done. While I love Xero, as it's footprint becomes larger and larger, security could become an issue.

For those who don't know 2FA is an additional layer of security on top of a username and password, whereby a one-time password is generated for the user to input with each session (or even per machine).

Given the sensitive nature of the information people hold on Xero (bank account information, payroll data etc), I believe more security is better than less security.

Having 2FA as a pre-emptive measure could be very smart i.e. before something happens.

Both Dropbox and Google make it easy by allowing you to use Google Authenticator or SMS to enter in a one-time password. This is something that could be considered.
Official Xero Reply
Hi again, just wanting to address some of the concerns here.

While that headline gets your attention, it's not accurate. Xero has not suffered a security breach; our systems haven't been compromised. A small number of Xero customers have had their accounts compromised, most likely through falling victim to phishing or malware attacks. This was isolated to Australia, and we're addressing each incident with those affected directly. In light of this, we’ve been communicating the importance of keeping anti-malware (anti-virus / anti-spyware) up to date, changing passwords, and keeping your Xero password separate from that for any other website or service.

We're moving to deploy 2 step authentication as quickly as we can. However, we're not going to rush this out without full and thorough testing.

Paul M (Xero Staff)