What is MFA?
Multi-factor authentication (MFA) is an additional way of checking that it’s really you when you log in. It combines something you know (your username and password) with something you have (an authentication app on your smartphone or tablet). This second layer of security is designed to prevent anyone but you from accessing your account even if they know your password.
Did you know?
Up to 80% of data breaches can be prevented with basic actions like enabling multi-factor authentication to protect yourself and your customers from attacks.
Source: DBIR, 2020
Statistics show that:
- 70% of breaches are caused by ‘bad actors’, with 55% of these in organised crime*
- 67% of breaches are due to credential theft, errors and social attacks*
- financial gain is still the primary motive for cyberattacks*
- the global average cost of data breaches reported in a 2019 report was US$3.9 million^
*Source: 2020 Verizon Data Breach Investigations Report
^ Source: Security Intelligence
Receive push notifications for fast authentication
Step 1: Download Xero Verify
Xero Verify is the only authenticator app that sends push notifications when you log in to Xero. Download Xero Verify from the Apple or Google app store.
Step 2: Sync the app with Xero
Follow the steps for setting up multi-factor authentication or watch the videos below to see how to sync Xero Verify to your Xero login and allow it to automatically send notifications to you.
Step 3: Logging in to Xero
When you log in to Xero, enter your email and password as usual. Xero Verify immediately sends a notification to your mobile device. Just approve it and you’re all set.
Note: You can also use Google Authenticator, FreeOTP or Authy, but you won’t receive push notifications; you’ll need to enter a code instead. If you don’t have a smartphone or tablet, you can use Authy or WinAuth.
If you’re not asked to set up multi-factor authentication when you log in to Xero, you can set it up yourself. Click your initials or image, click Account, select Set up under Multi-factor authentication, then follow the instructions. The videos below walk you through the steps.
Watch these MFA videos
Additional ways to secure your data
- Have a backup email address in case you don’t have your phone handy or need another way to verify who you are. You should use a strong and unique password with your backup email.
- Keep your software up to date, including the apps on your phone and tablet.
- Keep your login details to yourself. You can invite others into an organisation or client file at no extra cost, but they will need their own login and multi-factor authentication.
- Use strong, unique, private passwords (not your cat’s name!).
- Don’t use the same password for your accounts. This introduces you to additional vulnerabilities that you have no control over.
- Enable MFA on all your online accounts.
Want more info on MFA and security?
Xero Central support pages:
Got a question about MFA?
Find answers to the most frequently asked questions about enabling and using multi-factor authentication.