Two Factor Authentication, also known as 2FA is an extra layer of security that is known as "multi-factor authentication" which requires on top of a username and a password another security option accessible exclusively by the user, such as a physical token or a code provided by an app on their smartphone.

Security Enhancement

Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person's personal data or identity. Using Two Factor Authentication can help lower the risk of identity theft or access to software information.

Set Up Two Factor Authentication in Xero

To set up Two Factor Authentication the User needs to install an authenticator app on their phone and then link it with their Xero account. Each user in the Xero organisation needs to set up Two Factor authentication individually. When a user sets up Two Factor authentication, it applies to that user's login only, and on any device, the user logs into Xero. 

Change a Smart Device

If a User has changed their smart device, they should first disable Two-Factor Authentication from the old device and then re-enable it on the new device. 

Login To Xero using 2FA

When the user logs into Xero, an authentication code must be entered from the authenticator app. Authentication codes may be entered either each time a user signs in or every 30 days. If the user can't access the device, they can still log in using backup security questions or a backup email address (this cannot be the same email address assigned to the Xero user account).

1. Log into Xero with your new username and password
   
   è  The Set up multi-factor authentication screen opens
   
   
   
   
2. Click on [Set up multi-factor authentication]
   
   è  The Choose an authenticator app screen opens
   
   
   
3. Click on [User my own app]
   
   è  The Phone multi-factor authentication screen opens
   
   
   
   
4. Open the Authenticator app installed on your phone and scan the QR code, then click on [Enter Code]
   
   è  The Phone multi-factor authentication screen opens
   
   
   
   
5. Enter the security code from the Authenticator app and click on [Confirm]
   
   è  The Add a Backup email screen opens
   
   
   
   
6. Enter the Backup email address and click on [Continue] or if you do not have a second email address, click on Add backup security questions instead
   Note: this cannot be the same email you have used to set up this Xero User account.
   
   è  If you selected the backup email option a confirmation code is sent to this email address
   
   
   
   
7. Go to the backup email address inbox and enter the confirmation code from Xero
   Note: the backup email security code expires in 60 minutes
8. Click on [Confirm email]
   
   è  If you selected the security questions option, the Add Backup security questions screen opens
   
   
   
   
9. Select the first security question from the list and then type the security answer
10. Repeat the above step for all security questions and click on [Submit]
    
    è  The Setup Confirmation message appears
    
    
    
    
11. Click on [Continue to Xero]
    
    è  The Xero Organisation opens

Training Resources & References

ATO - Super for Employers