A couple months ago, Xero made it compulsory for all Xero Partner’s to have two-step or two-factor authentification on their logins. And whilst we all rolled our eyes and were a little bugged about the additional step we now needed to complete upon logging in daily to assist our clients, we have seen first hand – locally – the effects of a cyber attack in Xero.
Knowing that our clients have been maliciously targeted through malware hit too close to home, so we are here today to let you know what Two-Step Authentication (2SA) is, and why it’s essential for your business.
Security industry research shows that over 40% of cyber attacks last year targeted small businesses and this is increasing.
Businesses get subjected to a constant barrage of phishing scams and malicious software attempting to steal user account names and passwords. So it’s vital that businesses everywhere ensure they have strong security practices to keep their information secure. Security is an issue that everyone needs to take seriously.
Two-Step Authentication (2SA) is available to all Xero customers to provide an additional layer of security for your Xero user accounts. Using two-step authentication significantly reduces the risk of your Xero account becoming compromised if your password gets stolen by phishing or malware. (From Xero Blog)
How does Two-Step Authentication work?
When you have two-step authentication enabled you need to provide two authentications “factors” to log in, plus your Xero username. The first factor is something you know, your password. The second factor is a unique six-digit code that’s generated by a separate app on your smartphone. Try something like the Google Authenticator app, Authy or other similar apps.
With two-step authentication enabled, only the Xero user with access to that trusted device will be able to log in. This makes it more difficult for unauthorised people to access your data.
If you don’t have your mobile device with you when you need to login to Xero, you can answer the security questions that you set up when you enabled two-step authentication. We recommend that you only use the fallback questions when necessary. We would advise strongly against using them as a regular alternative to the authenticator app.
Watch the video below to see how to setup and use Two-step authentication.