The cloud accounting system makes it harder for the bad guys to steal your business data.
Keeping your online credentials confidential is increasingly a challenge. There have been well-publicised hacks of major companies leading to the disclosure of usernames and passwords, and letting your guard down for an instant can result in a phishing site getting hold of your credentials.
And yes, Xero customers have been tricked in giving away their login details. If you think you can easily spot a phishing attempt, think again – recent examples are a lot more convincing as there are far fewer spelling and other errors, and the designs of the emails and the sites can very closely resemble those they are impersonating.
So Xero now offers two-step authentication to all its users.
When the feature is enabled, any attempt to log in is met with a request for a six-code generated by the Google Authenticator app.
Since it is possible that a bona fide user may not have access to their phone whenever they want to use Xero, there is the option of answering 'secret questions' though the company says this "should only be used when necessary and not as a regular alternative to the authenticator app."
When signing into Xero from an Android device capable of fingerprint authentication, the Xero app accepts a fingerprint as an alternative to the security code. Xero's iOS app has supported Touch ID since late 2014.