5 things you need to know about Xero’s new 2-step authentication

[ Everything you need to know about the latest Xero update! ]
by Gayle Williams Published

A two-step authentication process (2SA) will become compulsory for all Xero users from 30 October 2018.

What is 2SA? And why do you have to use it?

2SA adds an additional level of protection by requiring not only your email and password to access your Xero file, but also an authentication code at login. Xero has been rolling out increased security measures to protect its users’ data for several months now, and as of 30 October, this will become compulsory for all Xero users. The security of your data is paramount for Xero and it is fantastic that they are showing themselves to be proactive and carve the way for Australian corporations.

Many users (advisors, AU payroll administrators, subscribers) have already had to adopt 2SA. Now all other users with a login to Xero will need to follow suit. So, if you are a Xero user, but don't use it to this extent then you will need to make these changes to guarantee the security of your data.

If you haven’t already enabled 2SA on your Xero login, the next time you go to access your Xero file from 16 October, you will see a screen prompting you to set up this feature. So if you are not an everyday user, you may still have to complete this process. From 30 October, you will have to enable this before you can log in to your file.

What does this mean for you?

2SA will mean you will need to have access to a mobile phone so that you can install an authenticator app. You will need to ensure that the email address you use to log in to your Xero file is specific to you (ie not a shared generic email address, such as an accounts or info email address - unless you are the only person using that generic email to access the Xero file). This is important as you will need to set up recovery answers to security questions for times that you don’t have access to the app when logging in. You can also choose to set up an alternative email address to be used as a backup for when you don’t have access to the app when logging in.

How will I log in to my Xero file using 2SA?

- You will enter your username and password as per usual

- Once entered, you will be directed to a new screen where you will be prompted to enter a 6-digit authentication code. To see this code, you open the authentication app on your phone and enter the random 6-digit number that is generated and that changes frequently.

- If you can’t access your mobile phone to view your authentication code, you can select to use an alternative authentication method from this screen which will prompt you to either answer 3 of your security questions, or you can send a code to your alternative email address and then enter that code on the authentication screen

What happens if you change or lose your mobile phone?

Let's face it, losing or changing your mobile phone happens often. If this happens and you are worried about 2SA and what that means for your access, there are a few other ways you can access your information. You will need to log in to Xero using either the security questions or alternative email option. Once in you should disable 2SA from your account (the icon in the top right-hand corner of the screen). You can then install the authenticator app on your new mobile phone and re-enable 2SA using your new device.

What happens if you want to change your security questions or alternative email address?

If you are looking to make any changes to your identifiers then you will need to log in to Xero using the authentication code generated by the app. From there you can disable 2SA from your account and re-enable 2SA, updating the questions and/or email address as required.

At any time between now and 30 October you can enable 2SA on your Xero file once logged in by clicking on the icon on the top right-hand corner of the screen, selecting account and then following the prompts to enable 2SA on your account.

Still having trouble or need help? Our team of Xero Certified Advisors and Bookkeepers could talk about Xero all day! Get in touch!

[ Never miss a Tool, Tip, Resource or Event ]

Join the businessDEPOT community and get the latest advice
and insight directly to your inbox.


Get All Zen With Your Tax

Get In Touch


[ We help businesses and individuals of all shapes and sizes, and provide insight based on our extensive experience. ]

[ About ]

[ businessDEPOT is driven by a team of plain-talking, energetic and proactive people, and we believe in a fresh approach to providing advice and accounting services. ]