Multi-factor authentication is an extra layer of security on Xero that protects your account from hackers and security breaches. Why should you use it? The short answer is: you have to. Multi-factor authentication (MFA) is mandatory for all New Zealand-based Xero users. That’s a good thing, and here’s why.
To get into a normal account, someone usually needs two things: your email address and your password. Once you set up MFA, they would need those things and also access to your phone. It’s an extra lock on the door. With Xero, we’re talking about your business and financial information – stuff you don’t want falling into the wrong hands. And don’t think it’s just the big fish that get targeted by hackers! Small businesses with inadequate security get hit all the time and it can get really ugly.
When you log in to your Xero account, you’ll get a notification on your phone. Confirm that it’s you logging in, and you’re away laughing.
You can authenticate your device for 30 days so you only need to MFA once per month per device, or you can go for the high-security option of authenticating every login.
When you log in for the first time, Xero will prompt you to set up MFA. If you missed that memo, no worries, it’s a simple process.
Once logged in, click “Set up multi-factor authentication”. Download the Xero Verify app on your smartphone or tablet from the App Store or Google Play. Open the app and follow the steps in Xero. It’s free and only takes five minutes to set up.
If you don’t want to use your phone or tablet, you can use the Authy desktop authenticator to verify from your computer.
There are other authentication apps you can use, and they work fine. We recommend using Xero Verify because it is the easiest to use and gets you quick access to your account.
Lost or broken phone? Overseas? Out of cellphone coverage or no Wi-Fi? Can’t MFA your way into your Xero account? Nightmare situation, but it’s easy to fix.
If you’re just out of data or in poor reception, the Xero Verify app will continue to generate limited-time codes you can use to access your account.
Can’t access your phone or tablet with the Xero Verify app on it? Don’t panic – there is another way. You can send a one-time access code to your backup email address (perhaps your personal address).
Do you share your account with someone else and they can’t get in? Each person who accesses Xero for your business – whether they be an employee, your accountant, or your nosy mother-in-law – needs their own Xero login and their own MFA set up. You can grant access to an unlimited number of users.