Mandatory Xero 2 Step Authentication for Payroll Admins and Subscribers

Xero and Fitzpatrick Group – both champions in Cybersecurity.
Xero further enhances their multi-layer security, making 2 Step Authentication compulsory for payroll administrators and subscribers starting from 11 September 2018. Payroll Admins and Subscribers will only be able to access their account once they have set up 2SA.

What if I am not a Payroll Admin or Subscriber?

All remaining Xero users will be required to set up 2 step authentication by 20 November 2018. This new cybersecurity process has been added to further improve security for users and clients to reflect recent cybersecurity recommendations provided by the ATO.

Will I be able to set up 2 Step Authentication before the compulsory compliance date?

Xero will be sending out invitations on 23 October 2018 to give users a chance to become compliant to prevent time-consuming interruptions in their workflow.

What does 2 Step Authentication mean for my business?

It means added security – an extra layer of protection to ensure that confidential details and information can only be seen by people who are meant to see them.

How does it work?

2SA works by connecting your login credentials to a device that you have access to at all times. This is often your phone. Xero uses the Google Authenticator with a rolling code that changes intermittently.

Once you have logged in to your Xero account – you will be prompted to enter the code found in your Google Authenticator App from your selected device. Enter the code you see on screen to authenticate and complete the 2SA login process. You also have the option to set your login device as a trusted device for 30 days. This will allow you to login on the trusted device without the second step for 30 Days.

If you do select this option it’s important to note that deleting your browser history before the date you authenticated will result in the 30 Day Trusted Device condition to dissolve.

2 Step Authentication Process

Xero 2 Step Authentication

Important Dates

11 September 2018
AU Payroll Administrators and Subscribers required to be 2SA compliant.

23 October 2018
Early Xero invitation to opt-in to 2SA for remaining Xero clients

20 November 2018
2SA becomes compulsory for all Xero Clients.

Have any questions?