Add a second layer of security with multi-factor authentication

Just one easily guessed password can stop your business in its tracks. Xero has put an extra deadbolt on the door to help keep your data secure.

MFA combines your username and password with an authentication app on your mobile device to verify it’s you logging in.

What is MFA?

Xero adds MFA as a second layer of security. You’ll get notified on your mobile phone when you log in to Xero.

Multi-factor authentication (MFA) is an additional way of checking that it’s really you when you log in. It combines something you know (your username and password) with something you have (an authentication app on your smartphone or tablet). This second layer of security is designed to prevent anyone but you from accessing your account even if they know your password.

Did you know?

 cyber criminal gains access to a user’s account, which doesn’t have multi-factor authentication enabled.

Up to 80% of data breaches can be prevented with basic actions like enabling multi-factor authentication to protect yourself and your customers from attacks.

Source: DBIR, 2020

Statistics show that:

  • 70% of breaches are caused by ‘bad actors’, with 55% of these in organized crime*
  • 67% of breaches are due to credential theft, errors and social attacks*
  • financial gain is still the primary motive for cyberattacks*
  • the global average cost of data breaches reported in a 2019 report was US$3.9 million^

*Source: 2020 Verizon Data Breach Investigations Report

^ Source: Security Intelligence

Receive push notifications for fast authentication

Step 1: Download Xero Verify

A mobile phone screen displays the Xero Verify authenticator app on the app store.

Xero Verify is the only authenticator app that sends push notifications when you log in to Xero. Download Xero Verify from the Apple or Google app store.

Step 2: Sync the app with Xero

A mobile phone displays a QR code and a message saying ‘Scan this QR Code’ as part of syncing Xero Verify to your Xero login.

Follow the steps for setting up multi-factor authentication or watch the videos below to see how to sync Xero Verify to your Xero login and allow it to automatically send notifications to you.

Step 3: Logging in to Xero

After logging in to Xero on your laptop, Xero Verify sends a notification to your mobile device to verify the login action.

When you log in to Xero, enter your email and password as usual. Xero Verify immediately sends a notification to your mobile device. Just approve it and you’re all set.

Note: You can also use Google Authenticator, FreeOTP or Authy, but you won’t receive push notifications; you’ll need to enter a code instead. If you don’t have a smartphone or tablet, you can use Authy or WinAuth.

If you’re not asked to set up multi-factor authentication when you log in to Xero, you can set it up yourself. Click your initials or image, click Account, select Set up under Multi-factor authentication, then follow the instructions. The videos below walk you through the steps.

Watch these MFA videos

Additional ways to secure your data

A small business owner uses their laptop and mobile phone to set up multi-factor authentication for their Xero account.
  • Have a backup email address in case you don’t have your phone handy or need another way to verify who you are. You should use a strong and unique password with your backup email.
  • Keep your software up to date, including the apps on your phone and tablet.
  • Keep your login details to yourself. You can invite others into an organization or client file at no extra cost, but they will need their own login and multi-factor authentication.
  • Use strong, unique, private passwords (not your cat’s name!).
  • Don’t use the same password for your accounts. This introduces you to additional vulnerabilities that you have no control over.
  • Enable MFA on all your online accounts.

Want more info on MFA and security?

Blog posts:

Xero Central support pages:

Got a question about MFA?

Two small business owners chat about multi-factor authentication over coffee.

Find answers to the most frequently asked questions about enabling and using multi-factor authentication.