Two step authentication (2SA)

This article explains two-factor authentication (2FA) or two-step authentication (2SA) as xero refers to it - what is is, why it's needed and how to setup the Google authenticator App to authenticate yourself

Xero will soon start to make two-step authentication (2SA) compulsory for small business customers as an additional layer of protection. Xero will be informing users progressively throughout the year but you can set this up at anytime for yourself.

As your external accountants with access to your data, we implemented this for all our staff earlier this year.

What is two-step authentication (2SA)?

2SA is an extra layer of security that requires a password and username and a second unique code to be generated on a second device (typically your mobile phone), making it more difficult for unauthorised people to access your data.

See video:

This also means that if you are sharing logins you will no longer be able to do so and will need to issue out individual logins for users, that are associated with their individual mobiles.

What do I need to do?

  • You'll need an authentication code each time you sign in, although you can set an option to use one code for 30 days.
  • We use and recommend using the Google Authenticator App on your mobile phone as it's universally available.
  • If you don't have access to your mobile device, you can still log in using backup security questions.

For full instructions on how to set up two-step authentication please refer to Xero's help