Two-step authentication

Two-step authentication adds an extra layer of security on your Xero account.

  • Two-step authentication combines something you know (your email address and Xero password) and something you have (an app on your device creates a code).
  • The authentication app on your device creates the authentication code.
  • You will need the authentication code each time you sign in (or every 30 days if you've previously selected Remember me for 30 days).
  • If you can't access your device, you can still log in using backup security questions.
  • Two-step authentication applies to the user level, not organization-wide.