Xero - beautiful accounting software

Xero Business Community


Two Factor Authentication on Xero login

Started by David Loeffler in Feature Requests | Done!

I'd really like to see Xero introduce the option of two factor authentication as Google and Dropbox have done. While I love Xero, as its footprint becomes larger and larger, security could become an issue.

For those who don't know, 2FA is an additional layer of security on top of a username and password, whereby a one-time password is generated for the user to input with each session (or even per machine).

Given the sensitive nature of the information people hold on Xero (bank account information, payroll data etc.), I believe more security is better than less security.

Having 2FA as a pre-emptive measure could be very smart, i.e. before something happens.

Both Dropbox and Google make it easy by allowing you to use Google Authenticator or SMS to enter in a one-time password. This is something that could be considered.

Official Xero Reply

Hi everyone, on behalf of Paul (who’s laid up today) I’m pleased to let you know that the initial release of 2-Step Authentication has arrived. Take a few minutes to watch this video which explains how to get it all set up. For more details have a read of our Help Centre page.

As discussed over the last few months, we’ve used Google Authenticator (or compatible apps like Authy) to provide a Time-based One-Time Password (TOTP) solution. As a Subscriber, or someone with the Manage Users role, you’ll be able to see who in your organisation has set up 2SA.

We’re going to keep an eye on the feedback both here and in emails sent to Support. If you have additional functionality that you’d like to see (for example, an organisation-wide setting that’s enforceable by the subscriber) please add a Feature Request and place your vote.

EDIT: New Feature Request: 2-Step Authentication - Option to turn on for all users

Thanks again for your feedback, it helped make this feature a reality!

Luke Gumbley (Xero Staff)