An extra bolt on the door

Since COVID-19 started, there has been a dramatic increase in the number of cyber-attacks around the world. And your business can be stopped in its tracks if someone guesses and uses your password. So, this year it will become mandatory for Xero users to set up and use multi-factor authentication (MFA) – putting an extra bolt on the door to help keep your data secure.

Xero users will be invited to opt into MFA and use an authentication app – like Xero Verify – from March, before it becomes mandatory. Xero Verify is a new MFA app that sends push notifications to check that it’s really you trying to log in. It’s designed to prevent anyone else from accessing your account even if they know your password. (Users who don’t need to log in to Xero, like payroll employees and those who use the Xero portal and Ask portal, won’t need to set up MFA.)

Getting ready for MFA
There are three things you need to ensure you have in place prior to implementing MFA:
  • An iOS or Android smartphone to download and use Xero Verify (available in early March) or another authentication app. Alternatively you could use Authy – a desktop authenticator.
  • A backup email address (that is different to the one you use to login to Xero) which will only be used if you lock your account or don't have your phone. You should use a strong and unique password with your backup email.
  • Ensure each team member has a unique Xero login and password. With Xero, there are no limits on the number of users you can invite into an organisation or client file. Here’s how to add a client or staff member to Xero and a refresher on keeping your Xero account safe.
You don’t need to do anything else now. Xero will be in touch this month with more about the rollout and instructions on how to set up MFA.