Not a moment too soon, cloud accounting software provider Xero has joined the trend towards two-step authentication.
The traditional username/password combination isn't particularly secure. For example, it's not that difficult to watch over someone's shoulder while they are logging into a system, either directly or via a surveillance camera. Malware on the computer may capture keystrokes or the use of an on-screen keypad. Or users may be tricked into giving up their credentials by phishing campaigns.
So there is increasing interest in adding a step to help ensure that the person logging in really is the authorised user of that account.
You may have seen this in internet banking, where to complete a transaction you have to enter a security code that the system sent to you via SMS.
Another approach is to use a phone app that automatically generates a code that the system can confirm corresponds to your identity. Such codes typically have a very limited lifespan and can only be used once.
That's the route that Xero has taken. Starting today, the company allows individual users to opt in to two-step authentication, and then use the Google Authenticator app for Android or iOS to generate a one-time code during the login process.
Xero subscribers and managers can see which of their users have enabled two-step authentication.
"Protecting our customers' information and business data is our number one priority," said Paul Macpherson, Xero head of security. "That's why we've enhanced Xero to include another layer of control that will make it significantly more difficult for anyone other than the Xero account holder to access their information."