We live in the clouds these days. Well, our most valuable information does. 

The more we live online, the more criminal activity lives online. Cybercrime continues to evolve and become more complex, with new measures being taken every year to protect against the latest security breaches.

Gone are the days when one password was enough to protect your personal and business information. Nowadays, one of the most fundamentally important security measures to take is 2-step authentication. 

Protect your information with an extra level of security

2-step authentication, often called 2-factor or multiple-factor authentication, simply means having to complete a second stage of security to get into your digital accounts. 

Usually this means entering a code, but rather than one you remember or save, it’s a code sent to your device in real time. This means that your account can only be accessed by someone who has your email address and password and has hold of your device. 

Isn’t Xero already secure?

Short answer? Very much so. Xero uses bank-level security to keep your information safe: 

    • Data is encrypted – Xero encrypts your data and has multiple layers of firewalls in place. Their data centres and servers are controlled and monitored 24/7.
    • It’s always backed up – Your data is stored in the cloud, and no one has access to your account unless invited. If your computer is lost, stolen or broken, your data is backed up and protected. 


  • You’re kept updated – You have access to a security noticeboard where the Xero team will keep you up to date with any news on the latest scams, so that you’re aware of what to look out for. 


That being said, Xero also recommend you enable 2-step authentication. Though it is optional right now for UK Businesses, they have already made it mandatory in Australia. There’s a good chance as measures increase, it will become mandatory for users across the board.

We highly recommend all our clients use this option to feel at peace knowing their financial data is as protected as it can be. 

How do I set it up in Xero?

  1. You need to install an authentication app first

An authentication app is the middleman between you and your account. You install this on your device first. Here are the authenticators that work with Xero:

  • Google Authenticator – this works with Android devices, iPhone, iPod Touch, iPad, and BlackBerry devices.
  • Authy – this works with iPhone, iPad, Android, Mac computers and Windows computers 
  • Windows Authenticator – this is particularly for Windows Phones 
  1. Go to the web version of Xero and login
  2. From your initials, click on Account and select Account from the user menu
  3. Click setup on the 2 Factor Authentication option
  4. Open your authenticator app and add a new account 
  5. Scan the barcode Xero gives you into your authenticator app or enter your key manually (making sure you turn on Time-based if you do).
  6. Your authenticator app will provide a code – enter this in Xero and select next
  7. Decide on three security questions and give your answers
  8. Enter an email address as an additional recovery method (optional)
  9. Click done, and your 2SA is set up 

For any information on managing your 2-step authentication process, from changing to a different or new device to using the recovery method for logging in, follow these instructions from Xero.

By now you should have a good feel for Xero and how to navigate the software. Save yourself the time figuring it all out by heading over to our training page, where we have instructional videos for key tasks.