978 million people in 20 countries were affected by cybercrime in 2017.
One in four small businesses experienced a cyber attack or hacking attempt in New Zealand and Australia.
Norton Cyber Security Insights Report 2017 Global Results
In 2018, the Australian Tax Office updated the online security requirements for customers of software providers that connect with the ATO. It is now compulsory for anyone with access to an Australian organisation on Xero to have two-step authentication (2SA) enabled on their login. The same is true for customers using other cloud-based platforms.
How to set up 2SA
Step 1 - Download an authenticator app
Step 2 - Sync the app with Xero
Follow these Xero Central instructions or watch the videos below to sync the authenticator app to your Xero login and set your security questions.
Step 3 - Logging in to Xero
Next time you log in to Xero, you'll need to enter your email and password as usual, then open your authenticator app and enter the passcode to sign in.
Mobile device setup
Desktop device setup
There’s no specific Xero-branded authenticator app. Instead, you can choose from a number of industry-standard authenticator apps. Options include Google Authenticator, FreeOTP and Authy. Just search for ‘authenticator’ from your device in the app store and you’ll see the options available.
No, the authenticator app doesn’t connect to your Xero account. It simply provides the one-time, time-based numeric passcode that's used as an extra security step during the login process. It means that if someone guesses or knows your password, it's not enough to access your account.
For greater security, it’s preferable to have the authenticator app on a different device to the one you use to log in to Xero. But if that’s not possible, you can install an app such as Authy on your laptop or desktop computer. At Xero Central you’ll find suggested authenticator apps for phones and desktop.
No. Once the authenticator app is installed and set up on your mobile device, it doesn’t need a mobile or wireless connection to work. Because it’s continually generating new codes that are only valid for 30 seconds, it doesn’t need to connect to anything.
What you do need to make sure of, though, is that the time on your authenticator device is in sync with Xero. Xero uses an automatic clock service to set the time, as do most mobile phone service providers, so we recommend you allow your network provider to set the time automatically. Manually setting the time can lead to out-of-sync issues and an invalid code error.
Our lives are increasingly digital but many people still use and share weak passwords that are easily guessed, or fail to keep software and anti-malware up to date. For this reason, two-step authentication is being used more and more in everyday situations where security and privacy are important, including access to online banking and email.
What may appear to be temporarily inconvenient has been proven to significantly reduce the risk and inconvenience of a compromised account.
You use your existing two-step authentication (2SA) setup when moving 2SA to a new phone, so it’s best to keep your old phone until you’ve completed setting up the new one. Visit our guide for step-by-step instructions.