Xero responds to compromised accounts with two-step authentication

Xero responds to compromised accounts with two-step authentication

Steps up security posture to combat increase in scams targeting customers


Cloud-based accounting software provider, Xero, has introduced two-step authentication for user accounts in an attempt to beef up security after a number of customers had their accounts compromised in late October 2015.

At the time, Xero said it was aware of an increase in phishing scams targeting customers and sent an email to users directing them to change their passwords.

Xero head of security, Paul Macpherson, said data security was an industry-wide issue that everyone needed to take seriously.

“We regularly educate our customers on following good security practice in their business at all times. Phishing scams that attempt to steal account names and passwords are an ongoing issue for all online and financial services, so it’s vital that businesses everywhere who use these services ensure they have strong passwords and keep their information secure,” he said.

The two-step authentication process verifies the identity of a user by requiring them to use their existing password and a second, unique code randomly generated by the Google Authenticator app on their smartphone. Xero said the additional authentication step makes it more difficult for unauthorised people to access accounts.

Xero users will have to enable the feature on their account when they log in. Xero subscribers and managers are able to see which users in their organisation have enabled two-step authentication.

“We will continue to build in these types of system controls to give our customers as much protection as we can but we also strongly encourage all Xero users — and technology users in general — to remain vigilant about the online solutions they use,” Macpherson added.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags security breachxerohackedtwo-step authentication


Brand Post

Show Comments