Xero: Two-Step Authentication
Cloud Accounting Security: What you need to know
Xero: Two-step Authentication is vital. Cybercriminals are cunning creatures. Phishing emails and other scams are used to try and get users’ login credentials and gain access to sensitive data within Xero. Xero: Two-Step Authentication gives an extra level of security and helps keep your Xero account safe. Protecting yourself with this Cloud Accounting Security makes it much harder for a criminal to gain access to your Xero account.
Unless you’re in Australia Two-step authentication is optional for most users.
There are options if moving Xero: Two-Step Authentication to a new device. Life is easier while you’ve still got both devices, sett up your new one as soon as you can.
How it works
Log into Xero using your email and password. Then generate a code using an app on your phone, tablet or computer. Finally, enter the code in Xero.
- The app generates a new code every 30 seconds, so the code is different each time you log in
- No one else can log into your account. You’re the only one who knows your email and password and has access to your authentication device
- When you access more than one organisation under the same login, you only need to set Two-step authentication once. It applies to any device or browser you use to access Xero
- Set up separate Two Step Authentication where logins are different. For example, where you access different organisations, you use the same app
- You can choose to enter the code once every 30 days if you use the same computer and browser each time you log into Xero,
Xero: Two-Step Authentication, the Phone App
What app to use
If you already use an authenticator app, add another account to it for your Xero login.
Where you don’t have one already, there are recommended industry-standard ones . Alternatively, search for ‘authenticator’ in your device’s app store. The apps are free, and there are a few options you can choose from.
For increased security, download the app to a different device than the one you use to access Xero.
How it works
A third party app is used to generate the codes. The authentication app doesn’t connect to your Xero organisation, there’s no data transfer between them.
• The app automatically generates new codes, and doesn’t need a network connection or mobile signal to do this.
• Xero generates the same codes as the app. When you enter the code from your app, it should match Xeros. Both codes are generated using the same secret key that’s unique to you. No two Xero organisations generate the same code.
• When Two-Step authentication, enter the key into your app by scanning a barcode or entering it manually.
Your codes are time-based, so make sure the time on your authenticator device is in sync with Xero. Automatic time setting by your network prevents getting an out-of-sync or invalid code error.
Cloud Accounting Security: Recovery options
If you don’t have access to your authentication device, there are two recovery methods to log in:
- Answer some questions about yourself
- Send a one-time authentication code to an alternative email address
You have to set up recovery questions, but you choose the questions to answer. You also choose the alternative email address the code is sent to, but this is optional, and can’t be the same as your login email address.
Xero is certified as ISO/IEC 27001:2013 compliant. Xero has a comprehensive Information Security Management System (ISMS).
In conclusion, Xero security is important. Xero: Two-Step authentication is a strong defence against hacking.
We can have a cup of (virtual or real) coffee, biscuit and a chat to see how we can help you.
You relax, and fack the hackers!