
Xero Two-Step Authentication

Posted by: Eye on Books on 9 Sep 2018
Starting mid-September 2018, Xero will require all payroll admin users to set up two-step authentication, providing an additional layer of security.



As a payroll admin user in Xero you have access to a lot of very personal information about your employees: information that's very attractive to hackers for identity theft crimes.

Two-step authentication (2SA) provides an extra level of security by requiring your usual email address and password, AND a unique code generated from an app on your smartphone which changes every 30 seconds or so.

This way, even if your password is compromised by an attack, the attacker will still be unable to access your Xero account and, more importantly, your employee payroll data.

Find out more, including how to set up 2SA for your Xero business. We've prepared a list of must-know information to get you going.


To make things even easier, check out our video tutorial below:



Security questions and alternative email

There may be times you don't have access to your authentication device (mobile phone at home, or out of battery). In that case you can still log in using a different method: either answer a few security questions that only you know, or get a one-off authority code from an alternative email address.

You must set up security questions when setting up 2SA, but the alternative email address is optional.  If you do set up the alternative email address, you'll be given the option of using either the security questions or the alternative email if you don't have your authentication device.

The alternative email address can NOT be the same as your Xero logon email address!!


Install an authenticator app

The first thing you'll need to do is download an authenticator app on your smartphone.  As of the date of this blog, the easiest to use is the GOOGLE AUTHENTICATOR app.

Google Authenticator is available for download from both ITUNES and GOOGLE PLAY.  Simply click below for your required device and the link will take you straight to the app.



Then follow the installation instructions provided for your device to add an account.


Set up two-step authentication

  1. When you next log in to Xero, it may ask you to set up 2SA.  Click on SET UP 2SA NOW
  2. Xero will display a QR code on the screen.  Open your authentication app on your smartphone, and select ADD ACCOUNT to create a new account on your authentication app.
  3. Hold your phone up to the screen so the app can scan the QR code.  Once successful, the app will then display a unique six-digit code.
  4. Enter this code back into Xero.
  5. Select your three security questions and type answers, then click NEXT
  6. Enter an alternative email address (see below), or click NOT NOW
  7. Click DONE


Add an alternative email address

You can also add an alternative email address during the setup process.

  1. Enter your alternative email address and click SEND CODE
  2. Check your email, and note down the six-digit code sent to your alternative email address
  3. Return to the setup screen in Xero and enter the code and click CONFIRM EMAIL
  4. Click FINISH


Turn off two-step authentication

If you're not a payroll admin, you may still have the ability to TURN OFF two-step authentication if you wish.  To do this:

  1. Log in to Xero
  2. Go to YOUR NAME up the top right of Xero and click ACCOUNT
  4. Enter the six-digit code generated by your authentication app
  5. Click DISABLE

You can also uninstall the app from your mobile device after successfully disabling two-step authentication in Xero.


If you get stuck, and can't manage to get Two-Step Authentication in Xero working, don't hesitate to contact us, and we'll be able to help you in any situation.



