Add a second layer of security with multi-factor authentication

Just one easily guessed password can stop your business in its tracks. So Xero has put an extra deadbolt on the door to help keep your data secure.

Set up MFA Watch video
hand holding a phone showing multi factor authentication

What is MFA?

Multi-factor authentication (MFA) adds an additional way of checking that it’s really you when you log in. It combines something you know (your user name and password) with something you have (an authentication app on your smartphone or tablet). This second layer of security is designed to prevent anyone but you from accessing your account even if they know your password.

Did you know?

Up to 80% of data breaches can be prevented with basic actions like enabling multi-factor authentication to protect yourself and your customers from attacks.
Source: DBIR, 2020

Statistics show that:

  • 70% of breaches are caused by ‘bad actors’ with 55% of these in organised crime*

  • 67% of breaches are due to credential theft, errors and social attacks*

  • Financial gain is still the primary motive for cyberattacks*

  • The global average cost of data breaches reported in a 2019 report was US$3.9 million^

*Source: 2020 Verizon Data Breach Investigations Report
^ Source: Security Intelligence


cyber criminal showing the types of things that can go wrong without 2FA

Receive push notifications for fast authentication

Step 1. Download Xero Verify

From the Apple or Google app store. Xero Verify is the only authenticator app that sends push notifications when you log in to Xero. 

step 1: phone showing app store

Step 2. Sync the app with Xero

Follow the steps for setting up multi-factor authentication or watch the videos below to see how to sync Xero Verify to your Xero login and allow it to automatically send notifications to you.

STEP 2: phone showing QR code for multi factor authentication

Step 3 - Logging in to Xero

When you log in to Xero, enter your email and password as usual. Xero Verify immediately sends a notification to your mobile device. Just approve it and you’re all set.

STEP 3: phone showing logging into Xero

Note: You can also use Google Authenticator, FreeOTP or Authy but you won’t receive push notifications, you’ll need to enter a code instead. If you don’t have a smartphone or tablet, you can use Authy or WinAuth.

If you’re not asked to set up multi-factor authentication when you log in to Xero, you can set it up yourself. Click your initials or image, click Account, select Set up under Multi-factor authentication, then follow the instructions. The videos below walk you through the steps.

Multi-factor authentication for security

Xero Verify Set up
Switch from Google Auth to Xero Verify
Google Authenticator Set up
Authy Set up for PC/desktop

Additional ways to secure your data

  • Have a backup email address in case you don't have your phone handy or need another way to verify who you are. You should use a strong and unique password with your backup email
  • Keep your software up to date, including the apps on your phone and tablet
  • Keep your login details to yourself. You can invite others into an organisation or client file at no extra cost, but they will need their own login and multi-factor authentication
  • Use strong, unique, private passwords (not your cat's name!)
  • Don’t use the same password for your accounts - this introduces you to additional vulnerabilities that you have no control over
  • Enable MFA on all your online accounts

Want more info on MFA and security?

hand holding a phone showing multi factor authentication

Got a question about MFA?

Find answers to the most frequently asked questions about enabling and using multi-factor authentication.

Go to FAQs page