Why we’re securing your account with Multi-Factor Authentication

Posted 2 months ago in Advisors by Suzy Clarke

As more people around the world embrace digital technologies, the number of cyber attacks continues to increase. One of the most common types of cybercrime is phishing, designed to access your online accounts and steal your personal and business information.

At Xero, we are custodians of your data and we take that responsibility very seriously. We don’t just tick the boxes when it comes to security – we go above and beyond to make sure Xero is the most trusted platform for small businesses.

To make sure we continue to keep your Xero account secure, we’re making Multi-Factor Authentication (MFA) mandatory for all Xero customers globally in the year ahead.

A global change to protect your business

MFA is a login verification process that goes beyond typing in your username and password. It gives you access to your account using something you know (your username and password) and something you have (your mobile device or computer).

Think of it like putting an additional bolt on the door. It’s a small but important thing that significantly reduces the risk of unauthorised access to your account, because it’s much harder to steal something you know and something you have.

In fact, research shows that MFA can prevent up to 80% of data breaches. The beauty of using your phone as an authentication method is that it’s always with you, which means you can still access your Xero account anywhere, at any time.

Introducing the new Xero Verify app

To give you fast, easy and secure access to your Xero account using MFA, we’ve created our own authenticator app called Xero Verify. It’s built using the highest security standards and gives us confidence that your account access is in safe hands.

When MFA became mandatory in Australia, we saw a significant drop in account takeovers. We expect it won’t be long before other governments take Australia’s lead. So like everything we do in security at Xero, we’re staying ahead of the game and making it mandatory for all customers globally.

Xero Verify is now available free of charge in the Apple and Google app stores. It only takes a few minutes to set up and sends a push notification to your phone when you log in, so you can just tap and go. We know you’re busy, so we’ve made it beautifully fast and easy to use.

How we’ll help you prepare for MFA

While we encourage you to download Xero Verify and opt in to MFA when it’s available in your country, we’ll give you plenty of notice before it becomes mandatory. As always, our team is here to support you over the coming weeks and months, to make it as easy as possible for you to stay safe and secure. In the meantime, take a look at our frequently asked questions for all the details.


Michael Hayes
March 31, 2021 at 10.26 am

Great software. Horrible support. Cryptic, slow and unhelpful. Takes several hours and basically useless.

Beeny Atherton in reply to Michael Hayes Xero
April 7, 2021 at 10.34 am

Hi Michael, so sorry you feel that way about our support. Do you have your case number to hand so I can take a look into this for you? Thanks!

Kay Mead
April 21, 2021 at 10.16 pm

I’m surprised to see the comment from Michael Hayes about support. We’ve raised many support cases over the years for a variety of clients and situations. Yes, support can take a few hours but I don’t see that as a problem, I don’t regard a same day response as slow. But cryptic and unhelpful? Never. Usually I get the answer I need in one go, sometimes I have to explain a bit more if I haven’t been clear enough or if I still can’t see how to put things right.

Peter Michell
April 27, 2021 at 6.20 am

Can’t access Xero to file my VAT return as I am on holiday, not in my office. The new MFA has locked me out – just like that whether I wanted it or not. Extremely bad form – whoever sprung this on just like that should be shot for bad management and bad customer relations.

Beeny Atherton in reply to Peter Michell Xero
April 27, 2021 at 1.09 pm

Hi Peter, I’m sorry to hear that you’re experiencing some trouble accessing Xero. If you need to set up MFA, you can find everything to help you get up and running here. If you have already set up MFA and are locked out, please contact us here providing your email address so we can get in touch with you. You can also find some troubleshooting tips here. Hope that helps.

April 30, 2021 at 12.13 pm

MFA is great but it is frustrating that a whole new app needs to be downloaded for this type of thing. It might not seem like it but it is definitely a barrier for some users I work with. Building this into the existing app or using existing contact info would have made this easier and more seamless. Even better would be working with Apple authentication options for seamless biometric verification.

Beeny Atherton in reply to George Xero
May 6, 2021 at 3.21 pm

Hi George, you don’t need to download a new authenticator app – you can continue to use another authenticator such as Google Authenticator or another app of this nature. The benefit of using Xero Verify is that it allows you to receive a push notification to verify that it’s you – if you choose to use another authenticator app, you’ll need to type or copy the code they provide into Xero when you log in. Find out more here.

Mike Cave
May 5, 2021 at 2.25 pm

I had MFA set up already and now you have cleverly disabled that with this mandatory roll out. Classy.

Beeny Atherton in reply to Mike Cave Xero
May 6, 2021 at 3.16 pm

Hi Mike, if you already have MFA set up you shouldn’t need to re-authenticate. We’ve just created a more streamlined and simplified MFA flow for all new customers to help protect everyone’s data and the sensitive information held on Xero with the choice to use the Xero Verify app from the outset (however, you can choose to use another authenticator such as Google Authenticator or another app of this nature). If you need any further help, please refer to our help article here.
