As a payroll admin user in Xero you have access to a lot of very personal information about your employees, information that's very attractive to hackers for identity theft crimes.
Two-step authentication (2SA) provides an extra level of security by requiring your usual email address and password, AND a unique code generated from an app on your smartphone which changes every 30 seconds or so.
This way, even if your password is compromised by an attack, the attacker will still be unable to access your Xero account and, more importantly, your employee payroll data.
Find out more and how to set up 2SA for your Xero business. We've prepared a list of must-know information to get you going.
- Security questions and alternative email
- Install an authenticator app
- Set up two-step authentication in Xero
- Add an alternative email address
- Turn off two-step authentication
To make things even easier, check out our video tutorial below.
There may be times you don't have access to your authentication device (mobile phone at home, or out of battery). You can still log in using a different method: either answer a few security questions that only you know, or get a one-off authority code from an alternative email address.
You must set up security questions when setting up 2SA, but the alternative email address is optional. If you do set up the alternative email address, you'll be given the option of using either the security questions or the alternative email if you don't have your authentication device.
The alternative email address can NOT be the same as your Xero logon email address!
The first thing you'll need to do is download an authenticator app on your smartphone. As of the date of this blog, the easiest to use is the GOOGLE AUTHENTICATOR app.
Then follow the installation instructions provided for your device to add an account.
- When you next log in to Xero, it may ask you to set up 2SA. Click on SET UP 2SA NOW
- Xero will display a QR code (barcode) on the screen. Open your authentication app on your smartphone, and select ADD ACCOUNT to create a new account on your authentication app.
- Hold your phone up to the screen so the app can scan your barcode. Once successful, the app will then display a unique 6-digit code.
- Enter this code back into Xero.
- Select your three security questions and type answers, then click NEXT
- Enter an alternative email address (see below), or click NOT NOW
- Click DONE
You can also add an alternative email address during the setup process.
- Enter your alternative email address and click SEND CODE
- Check your email, and note down the six-digit code sent to your alternative email address
- Return to the setup screen in Xero and enter the code and click CONFIRM EMAIL
- Click FINISH
If you're not a payroll admin, you may still have the ability to TURN OFF two-step authentication if you wish. To do this:
- Log in to Xero
- Go to YOUR NAME up the top right of Xero and click ACCOUNT
- Under TWO STEP AUTHENTICATION, click DISABLE
- Enter the six-digit code generated by your authentication app
- Click DISABLE
You can also uninstall the app from your mobile device after successfully disabling two-step authentication in Xero.
If you get stuck, and can't manage to get Two-Step Authentication in Xero working, don't hesitate to contact us, and we'll be able to help you in any situation.