Xero - beautiful accounting software

Xero Business Help Center

Xero Business Community

Community > Feature Requests >

Two Factor Authentication on Xero login

Started by David Loeffler -   in Feature Requests | Started

I'd really like to see Xero introduce the option of two factor authentication as Google and Dropbox have done. While I love Xero, as it's footprint becomes larger and larger, security could become an issue.

For those who don't know 2FA is an additional layer of security on top of a username and password, whereby a one-time password is generated for the user to input with each session (or even per machine).

Given the sensitive nature of the information people hold on Xero (bank account information, payroll data etc), I believe more security is better than less security.

Having 2FA as a pre-emptive measure could be very smart i.e. before something happens.

Both Dropbox and Google make it easy by allowing you to use Google Authenticator or SMS to enter in a one-time password. This is something that could be considered.
Official Xero Reply
A team are coding this as we speak!

The initial release will allow individual users to enable 2FA for logging in to Xero. From within the Users Setting page, a Subscriber, or a user with Manage Users access, will then be able to see which users of their organisation have enabled 2FA. Depending on the uptake of 2FA, and feedback, we may look into making this an organisation level setting enforceable by the Subscriber.

We expect to have the 2FA solution released by the end of the year. A lot of moving parts here, and we want it to undergo extensive testing, both internally and by external security specialists, before we’ll be happy to release.

Paul M (Xero Staff)