Two-step authentication

Two-step authentication adds an extra layer of security on your Xero account.

How it works

  • Two-step authentication combines something you know - your email address and Xero password - with something you have - an authentication code created by an app on your mobile device.
  • You'll need an authentication code each time you sign in, although you can set an option to use one code for 30 days.
  • If you don't have access to your mobile device, you can still log in using backup security questions.
  • When a user sets up two-step authentication, it applies to that user's login only, and on any device the user logs into Xero on.
  • From March 2018 the ATO will require (ATO website) all Australian practice users and any practice user with access to an Australian organisation to use two-step authentication. This includes users of Xero HQ and My Xero Partner Edition.