Stay safer online with two-step authentication

When it comes to keeping your data secure, put an extra deadbolt on the door. Sensible cyber safety practices are a necessary part of modern life. Just one easily guessed password can stop your business in its tracks.

Set up 2SA
hand holding folder labelled private

The numbers

978 million people in 20 countries were affected by cybercrime in 2017.

One in four small businesses experienced a cyber attack or hacking attempt in New Zealand and Australia.
Norton Cyber Security Insights Report 2017 Global Results

hand holding mobile phone

The changes

In 2018, the Australian Tax Office's updated the online security requirements for customers of software providers that connect with the ATO. It is now compulsory for anyone with access to an Australian organisation on Xero to have 2SA enabled on their login. The same is true for customers using other cloud-based platforms.

How to set up 2SA

Step 1 - Download an authenticator app

Download an authenticator app to your phone (or desktop if you don't have a smartphone) from your app store. We suggest Google Authenticator or Authy.


Step 2 - Sync the app with Xero

Follow these Xero Central instructions or watch the videos below to sync the authenticator app to your Xero login and set your security questions.


Step 3 - Logging in to Xero

Next time you logi n to Xero, you'll need to enter your email and password as usual, then open your autenticator app and enter the passcode to sign in.


Mobile device setup

Desktop device setup

Additional ways to secure your data

  • Set up an alternative email in case you need another way to verify who you are
  • Keep your software up to date; that includes the apps on your phone 
  • Keep your login details to yourself. It costs nothing to invite others to use Xero with their own login
  • Use strong, unique, private passwords (not your cat's name!)
Frequently asked questions

Want more info on 2SA and security?

Managing security in Xero course

Take a look at why security is such an important part of keeping your business running, and know what to look for when the cyber criminals come knocking. 

Check it out