How to set up Xero Multi Factor Authentication (MFA)

Since the 4th of May, Xero Multi Factor Authentication (MFA) has become mandatory for Xero customers. 

Multi Factor Authentication (MFA) is an additional security process to check that it’s really you when you login to your Xero account – you can think of it as an extra lock on the door to your account. 

Over 80% of account takeovers are due to weak or stolen passwords. No matter how complex they are, you shouldn’t rely on passwords alone to keep important accounts safe. 

MFA uses two layers of security to keep your business’s financial information secure, your Xero password, and an authentication app on your phone or tablet. Implementing MFA significantly reduces the risks of hackers gaining access to your account, even if they have your email address and password.

To help you best secure your Xero account and keep your financial information secure, WK Advisors and Accountants have broken down the process into 3 easy steps for you.

How to set up MFA for your Xero Account 

1. Login to Xero

Login to Xero on your computer with your username and password, if you haven’t already set up MFA on your account, a screen similar to the below image will greet you. Click “Set up multi factor authentication” 

2. Choose an Authenticator App

Now, you need to choose an authentication app. You can use the Xero Verify app, or if you already have an authentication app, like Google Authenticator, you may use that instead. 

• Regular authentication apps provide a code which you will need to copy and then paste into Xero each time you login. 
• Xero Verify allows faster and easier logins by sending a push notification to your phone each time you login to Xero which you can then tap to verify yourself.

Option One: Setting up MFA with Xero Verify

Click “Use Xero Verify”, a screen like this will appear. 

Follow the instructions on the screen by downloading the Xero Verify app on your smartphone. Once downloaded, open the Xero Verify app on your phone, allow access to use your camera, and scan the QR Code that’s displayed on your screen. 

If for some reason you can’t scan the QR code, click “enter a setup key instead”, this will give you a setup key that you can enter to set up Xero Verify instead. 

If you’re an IOS user, you’ll be asked if you want to receive push notifications, click okay.

Xero Verify is now set up on your device, go back to your computer screen, and click “continue”. 

Follow the instructions on the screen to add and confirm a backup email (different to the one you use to login to Xero), or security questions that you will always have access to your Xero account, even if you lose your phone. 

That’s it, you’ve successfully added Multi Factor Authentication with Xero Verify to your Xero account!

The next time you login to Xero, after entering your email address and password, Xero will send a notification to the Xero Verify app on your phone, all you need to do is tap “yes” on it to verify that it’s you.

Option Two: “Use your own verification App” 

Click “Use my own App”, a screen like this will appear.

Follow the instructions on the screen by opening your authenticator app (ie: Google Authenticator) on your phone and scanning the QR code on your computer screen to add your Xero account.

If for some reason you can’t scan the QR code, click “enter a setup key instead”, this will give you a setup key that you can enter to setup MFA instead. 

After you have scanned the QR code, or entered a setup key, click “enter code” on your computer screen and enter the 6-digit code from your phone, onto your computer. 

Follow the instructions on the screen to add and confirm a backup email (different to the one you use to login to Xero), or security questions that you will always have access to your Xero account, even if you lose your phone. 

That’s it, you’ve successfully added Multi Factor Authentication with a verification app to your Xero account!

The next time you login to Xero, after entering your email address and password, Xero will ask you to enter a code. Simply open the authentication app on your phone and copy the code from your app to Xero to verify that it’s you.

Option Three: “Set up a Desktop Application” 

Click “Use my own App”, a screen like this will appear.

Click “Enter Key”

If you haven’t already downloaded the Authy app, you need to do so now. Keep this screen open because you will need it later. Download the Authy Application. Once it is downloaded, open Authy and set it up by following the instructions on the screen. Once you have successfully set up Authy, a screen like this will appear.

Click the plus button to add your Xero account. A screen like this will appear, prompting you to add a key.

Go back to Xero and copy the key. Paste it into the Auth app. Then click “Add account”

Name the account something that you will remember (“Xero” or “Xero MFA” are good options) and select any colour from the list. Make sure the 6-digit token length is selected.

Click save.

Authy has generated a 6 digit code. Go back to Xero and enter in this code.

Follow the instructions on the screen to add and confirm a backup email (different to the one you use to login to Xero), or security questions that you will always have access to your Xero account, even if you lose your phone. 

That’s it, you’ve successfully added Multi Factor Authentication with Authy to your Xero account!

The next time you login to Xero, after entering your email address and password, Xero will ask you to enter a code. Simply open the Authy application on your Computer and copy the code from your app to Xero to verify that it’s you.

 

Still Struggling to get your head around Multi Factor Authentication? Get in touch with your friendly advisor at WK and we’ll help walk you through the process.