In this day and age, you can do almost anything online. Whether you’re shopping for clothes or a new kitchen, keeping up to date with your online banking or updating your accounting software for your business; online solutions are often making things more easily accessible and convenient.

You may have heard various things in the news in recent years about cyber safety and how to keep your data safe online. Gone are the days where you could use “123456” as your password. We’re now encouraged to use unique passwords, often involving a random combination of letters, numbers and special characters.

But there is more you can do to protect your data on Xero.

You may have seen notifications to set-up two-factor (2FA) or multi-factor (MFA) authentication on your various accounts and Xero have taken steps to implement MFA for your security. Although we have not seen any major data breaches to Xero or any other bookkeeping software, the nature of the internet is making the risk ever more likely and Xero has realised this. Multi-factor authentication can and will protect you in the event of one of these breaches by requiring you to enter a randomly generated code sent to your own device via a free app.

In order to set this authentication up:

1. 1. Download the Xero Verify app onto your smartphone or tablet via the App Store (operating system iOS 13.0 or newer required) or the Google Play Store (operating android 5.0 or newer). The app is completely free so it does not cost you a penny to protect your financial information stored on Xero. 
   2. When you go to login to the app, you will be asked to set-up with multi-factor authentication and they have provided a step-by-step guide but it takes 2 minutes. 
   3. Simply enter your email and password, then a notification will come through to your device to approve your sign in, tap “approve” and you are in.

Once you have followed those instructions you are good to go!

If your phone is not able to use Xero Verify because it is not Apple or Android, there are other options. You can use Google Authenticator, which is another free app but is run by a third party, on your mobile device. Alternatively you can also download an application on your desktop such as FreeOTP or Authy which are also free to download and use. The only real difference between Xero’s own authenticator and third party apps is you will not receive push notifications to your device to approve the sign in; you will need to type or copy and paste the code displayed in the other apps instead.

An important note is that you can tick a box allowing you to sign in without the authenticator for 30 days after you have used it last. Rest assured this is only for when you sign in on your account on that particular device and won’t automatically approve other devices. You shouldn’t tick this box if you are using a shared computer or device with persons you do not want to access your Xero.