Xero - beautiful accounting software

Xero Business Help Center

Xero Business Community

Community > Feature Requests >
Done

Two Factor Authentication on Xero login

Started by David Loeffler -   in Feature Requests | Completed

I'd really like to see Xero introduce the option of two factor authentication as Google and Dropbox have done. While I love Xero, as it's footprint becomes larger and larger, security could become an issue.

For those who don't know 2FA is an additional layer of security on top of a username and password, whereby a one-time password is generated for the user to input with each session (or even per machine).

Given the sensitive nature of the information people hold on Xero (bank account information, payroll data etc), I believe more security is better than less security.

Having 2FA as a pre-emptive measure could be very smart i.e. before something happens.

Both Dropbox and Google make it easy by allowing you to use Google Authenticator or SMS to enter in a one-time password. This is something that could be considered.
Official Xero Reply
Hi everyone, on behalf of Paul (who’s laid up today) I’m pleased to let you know that the initial release of 2-Step Authentication has arrived. Take a few minutes to watch this video which explains how to get it all set up. For more details have a read of our Help Centre page.

As discussed over the last few months, we’ve used Google Authenticator (or compatible apps like Authy) to provide a Time-based One-Time Password (TOTP) solution. As a Subscriber, or someone with the Manage Users role, you’ll be able to see who in your organisation has set up 2SA.

We’re going to keep an eye on the feedback both here and in emails sent to Support. If you have additional functionality that you’d like to see (for example, an organisation-wide setting that’s enforceable by the subscriber) please add a Feature Request and place your vote.

EDIT: New Feature Request: 2-Step Authentication - Option to turn on for all users

Thanks again for your feedback, it helped make this feature a reality!
 

Luke Gumbley (Xero Staff)