Two-Step Authentication

With the risk of scams increasing daily, having the best security in place over your data online is becoming increasingly important. Did you know that Xero has a feature to add another layer of security to your Xero account? Best of all, it’s free and easy to set up!

About two-step Authentication

  • Two-step authentication combines something you know – your email address and Xero password – with something you have – an authentication code created by an app on your mobile device.
  • You’ll need an authentication code each time you sign in, although you can set an option to use one code for 30 days.
  • If you don’t have access to your mobile device, you can still log in using backup security questions.
  • When a user sets up two-step authentication, it applies to that user’s login only, and on any device the user logs into Xero on.


Set up two-step authentication

Install an authenticator app on your mobile device

Download and install the relevant authenticator app for your device:

  • Google Authenticator for Android devices, iPhone, iPod Touch, or iPad, and BlackBerry devices (Google Accounts Help Center)
  • Windows Authenticator for Windows Phones (Microsoft Store)
  • WinAuth for Windows computers (WinAuth website)​, then select Google as the authenticator type

Follow the installation instructions provided for your device to add an account.
You may also need to install a barcode scanner app, so you can scan the QR code in Xero.
Set up two-step authentication in Xero
Image of the Account link under the user's name.

  1. Go to [Your Name], then click Account.
  2. Under Two-step authentication, click Setup.
  3. Open the authenticator app on your mobile device and scan the QR code in Xero.You can also enter your secret key manually and add these details to your authenticator app. Make sure you turn on Time-based if you’re using manual entry.
  4. Click Next.
  5. Enter the authentication code provided by your authenticator app into Xero, then click Next.
  6. Select your three security questions and type answers, then click Next.The security questions can be used as a backup if you don’t have your device or the code is not working.
  7. Click Done.

The next time you log into Xero, you’ll need to enter your authentication code in addition to your email address and password.
More info can be found in the Xero Help Centre.


Need support with your business? We Can Help You