ATTN: Xero Users! Did the below page appear when you attempted to login to Xero this morning?
As a subscriber or Payroll Administrator in Xero with access to sensitive data and employee information, 2SA (Two-Step Authentication) will be compulsory on your login by 11 September.
We’ve received some comments from clients, that if you select “Not Now” that an error message appears – Which we believe Xero will work to fix soon. BUT as this will be required from you by 11th September regardless, we recommend setting this up today.
Why do I need it?
We have seen first hand – locally – the effects of a cyber attack in Xero.
Knowing that our clients have been maliciously targeted through malware hit too close to home, so we believe that 2SA is essential for your business.
Security industry research shows that over 40% of cyber attacks last year targeted small businesses and this is increasing.
Businesses get subjected to a constant barrage of phishing scams and malicious software attempting to steal user account names and passwords. So it’s vital that businesses everywhere ensure they have strong security practices to keep their information secure. Security is an issue that everyone needs to take seriously.
How does Two-Step Authentication work?
When you have two-step authentication enabled you need to provide two authentications “factors” to log in, plus your Xero username. The first factor is something you know, your password. The second factor is a unique six-digit code that’s generated by a separate app on your smartphone.
How do I set it up?
Simply press the ‘Set up 2SA now’ button and Xero will walk you through the steps to strengthen your security.
Alternatively, follow step by step here, and watch this video to see how it works:
What happens if I cannot access my mobile device when I need to login?
You will need to enter the code at least once every 30 days, so you will not need to access your device every time you login. If you don’t have your mobile device with you when you need to login to Xero, you can answer the security questions that you set up when you enabled two-step authentication.