We have had many clients calling about Xero’s implementation of Two-Step Authentication (2SA), so we have created this guide with links to all the information you need to set it up.

2SA is two factor authentication. This has been introduced to add an extra layer of security for Xero account users to protect your account from being compromised by phishing and malware.

How to setup 2SA

Xero have developed comprehensive instructions and videos on how to set up 2SA on your iPhone, Android and PC as well as links to the recommended authenticator apps.

How does 2SA work?

When you have Two-Step Authentication enabled you need to use a second method to login to Xero, e.g. your smart phone. In addition to your standard Xero username and password, you also have to enter a six-digit code provided by a separate app on your smartphone, Google Authenticator .

If you don’t have your mobile device available when you need to login to Xero, you will be able to fall back to answering questions you set up when you enabled Two-Step Authentication in order to gain access to Xero.  The fallback questions should only be used when necessary and not as a regular alternative to the authenticator app.

In addition, Xero’s Two-step authentication will have trusted device recognition. You’ll be able to select “Remember me for 30 days” as an optional setting. If you select “Remember me for 30 days” you won’t need to perform the second authentication step on that device for 30 days.

To find out more about Two-Step Authentication, please review Xero’s Help Center.

Security is a constantly-evolving issue for the tech industry and we strongly encourage all Xero users – and technology users in general – to remain vigilant about the online solutions they use. If you have any questions about this area, please check Xero’s Security Page.