Xero’s Authentication Process is Changing

To better protect your data against cybercrime, the ATO has implemented changes to the MFA (Multi-Factor Authentication) regulations. This means anyone, anywhere in the world, who accesses an Australian organisation needs to re-authenticate their device every 24 hours, including when logging in to Xero.

What is changing?

Currently, all Xero users are required to use MFA to verify that it is really them logging into their account. Users can choose to have this authentication last 30 days before being required to authenticate again.
From early October, the ability to ‘remember this device’ will be limited to 24 hours instead of 30 days.

Why is this changing?

This is a regulatory change that has been implemented by the ATO to better combat growing cybersecurity threats and better protect valuable data. Given the sensitive data that is stored in Xero, it is essential to keep it safe.

Do I need to update anything?

As all Australians currently use an MFA system when logging in to their Xero account, there is nothing more you need to update. All the changes will happen on Xero’s end, and all you will have to do is authenticate every 24 hours.

Is there an easier way?

Although there is no way around authenticating every 24 hours, Xero suggests installing its Xero Verify app, as it will streamline the process.
It’s the only app that lets you authenticate with push notifications and create a time-based numeric passcode in case there’s no Wi-Fi, so you can always access your Xero account. You can learn more about the app here.

What does this mean for Xero’s apps?

If you are using any of Xero’s apps, they will also be affected by this new update. When the latest versions are introduced, you will no longer be able to choose the lock device option ‘Don’t lock it’. You will need to use either a security code, which will be available on Android for the first time and is currently available on iOS, or Face ID.