Two-step authentication adds an extra layer of security on your Xero account.
How it works
- Two-step authentication combines something you know - your email address and Xero password - with something you have - an authentication code created by an app on your mobile device.
- You'll need an authentication code each time you sign in, although you can set an option to use one code for 30 days.
- If you don't have access to your mobile device, you can still log in using backup security questions.
- When a user sets up two-step authentication, it applies to that user's login only, and on any device the user logs into Xero on.
- From March 2018 the ATO will require (ATO website) all Australian practice users and any practice user with access to an Australian organisation to use two-step authentication. This includes users of Xero HQ and My Xero Partner Edition.