Two Factor Authentication on Xero login

Started by David Loeffler - in Feature Requests

I'd really like to see Xero introduce the option of two factor authentication as Google and Dropbox have done. While I love Xero, as its footprint becomes larger and larger, security could become an issue.

For those who don't know, 2FA is an additional layer of security on top of a username and password, whereby a one-time password is generated for the user to input with each session (or even per machine).

Given the sensitive nature of the information people hold on Xero (bank account information, payroll data etc), I believe more security is better than less security.

Having 2FA as a pre-emptive measure could be very smart, i.e. before something happens.

Both Dropbox and Google make it easy by allowing you to use Google Authenticator or SMS to enter in a one-time password. This is something that could be considered.

Hi everyone. We’re still on track to deliver this before the end of year - we're now aiming for an end of November release.

I’d alluded to this earlier; it isn’t something that we want to rush. Xero is a very complex environment and it's important for all of our customers that we get this right.

To confirm:
Xero's 2-step verification solution is based on Google Authenticator and Time-based One-Time Passwords (TOTP). You’ll be able to use the Google Authenticator app on your device or compatible apps like Authy. You can find more information about TOTP here.

The initial release will allow individual users to enable 2-step verification for logging in to Xero. From within the Users Settings page, a Subscriber, or a user with Manage Users access, will then be able to see which users of their organisation have enabled 2-step verification. Depending on the uptake of 2-step verification, and feedback, we may look into making this an organisation level setting enforceable by the Subscriber.

Glad to see that you’ve noticed our recent communications around increased online security. We want our customers to be aware of the potential dangers, and to get into good habits to protect their information. We know that not everyone will utilise our upcoming 2-step verification solution - which is why it’s important that we continue to educate and encourage everyone to stay safe online!

