Welcoming the introduction of 2SA in Australia

Posted 3 years ago in Advisors by Rob Stone

In our modern world, the prioritisation of online security and safety has never been more important for practices. And just like you, we will do everything we possibly can to keep your data and your clients’ data safe and secure at all times.

As of this week, in line with a new security framework from the Australian Taxation Office, two-step authentication (2SA) became mandatory for any Xero practices, accountants and bookkeepers with access to Australian small business clients.

If you’re an accountant or bookkeeper operating within Australia, or operating outside Australia with access to Australian organisations, you’re now required to set up an extra layer of security to access Xero. In addition to your usual username and password, 2SA requires you to input a unique code generated on a second device, making it more difficult for unauthorised people to access your data and that of your clients. You are prompted to provide this extra information once every 30 days on the same device.

Hindrance or extra line of defence?

So, if you’re in practice, should you welcome the mandatory introduction of stronger security measures?

Absolutely. As we already know through our research, accountants and bookkeepers are considered trusted advisors to small business owners in Australia. Through the connective powers of platform technology and hard-earned client relationships, you operate in the unique position of being invited to access and analyse a business’ real-time data, in a bid to build better businesses together.

Proactive security measures, like this, support and help to protect that trusted advisor role in the industry. What may feel like a minor inconvenience will help build a practice that puts security front and centre, for you and your clients.

Building stronger businesses together

As technology providers like Xero provide the platform for you and your clients to enjoy the business benefits of increased connection, transparency and community, we do so through continued investment in controls that strengthen online security every day.

I encourage you to do the same. Use this as an opportunity to assess your own security practices and introduce 2SA protocols wherever else you can, such as across your email accounts. Start to communicate frequently with your team about the importance of password security, so people understand it’s not acceptable to use passwords that are also being used elsewhere.

These are simple measures that, working together, can help you build an even stronger business.

For more information, visit Xero’s security page, get updates on the latest security issues on Xero’s security noticeboard or forward suspicious, Xero-branded emails to To learn how to manage the changes for mandatory 2SA, take our free Two-step authentication course.
