The Business Advisory Blog

Insight, news and updates from Alliott NZ Chartered Accountants, Auckland New Zealand. The views expressed here are the views of the author and should be discussed in further detail should an article be relevant to your individual circumstances.

While every effort has been made to provide valuable, useful information in this publication, this firm and any related suppliers or associated companies accept no responsibility or any form of liability from reliance upon or use of its contents. Any suggestions should be considered carefully within your own particular circumstances, as they are intended as general information only.

Greg Millar

Stronger security for your Xero account

Why two-step authentication is essential for your business

Large corporations get most of the publicity when it comes to cybercrime and hacking. But cyber criminals are also targeting small businesses.

Security industry research shows that over 40% of cyber attacks last year targeted small businesses and this is increasing. That’s why Two-Step Authentication is an important security measure you need to take.

Businesses get subjected to a constant barrage of phishing scams and malicious software attempting to steal user account names and passwords. So it’s vital that businesses everywhere ensure they have strong security practices to keep their information secure. Security is an issue that everyone needs to take seriously.

Two-Step Authentication (2SA) is available to all Xero customers to provide an additional layer of security for your Xero user accounts. Using two-step authentication significantly reduces the risk of your Xero account becoming compromised if your password gets stolen by phishing or malware.

Many online services offer additional authentication. Whether it’s called Two-Factor Authentication (2FA), Multi-Factor Authentication (MFA), or Two-Step Verification (2SV), it all works in much the same way.

Furthermore, it significantly increases the security of your account. Xero strongly recommends using 2FA/MFA/2SV wherever it’s available. This is particularly important in protecting your email and any other account where you may have sensitive, personal or financial information.

How does Two-Step Authentication work?

When you have two-step authentication enabled, you need to provide two authentication “factors” to log in, plus your Xero username. The first factor is something you know: your password. The second factor is a unique six-digit code that’s generated by a separate app on your smartphone. Try something like the Google Authenticator app, Authy or other similar apps.

With two-step authentication enabled, only the Xero user with access to that trusted device will be able to log in. This makes it more difficult for unauthorised people to access your data.

If you don’t have your mobile device with you when you need to log in to Xero, you can answer the security questions that you set up when you enabled two-step authentication. We recommend that you only use the fallback questions when necessary. Xero strongly advises against using them as a regular alternative to the authenticator app.

Trusted Device Recognition

In addition, Xero’s two-step authentication has trusted device recognition. You’ll be able to select “Remember me for 30 days” as an optional setting. If you select “Remember me for 30 days” you won’t need to perform the second authentication step on that device for 30 days.

Individual users have the option of enabling two-step authentication when they log in to Xero. From within the Users Settings page, a Subscriber, or a user with Manage Users access, can see which users of their organisation have enabled Two-Step Authentication.

Security is a constantly evolving issue for the tech industry. We strongly encourage all Xero users – and technology users in general – to remain vigilant about the online solutions they use. If you have any questions about this area, please call Alliott's Xero Specialists in Auckland on 09 520 9200.

Source: Xero. For updates on any known phishing or other scams targeting our community, or for any recommendations on how to protect yourself from them, please check Xero's Security Noticeboard.
