Multi-factor authentication (MFA) - Enforce for all users
Need the option to be able to force all users to use 2FA.
Security is only as strong as its weakest link.
Hi everyone. Multi-factor authentication has now been rolled out across the globe and this is now a requirement for all Xero users.
We have a hub of resources available to help everyone get set up and accustomed to the change. Please feel free to share these with your clients and employees. (Sept 21)
Andy Carnahan commented
Multi-factor authentication (MFA) - Enforce for all users - but properly as a system function!
The previous idea stating that MFA "has now been rolled out across the globe and this is now a requirement for all Xero users" is simply untrue.
MFA is available (not enforced) but it requires the USER to set it up and not the ADMIN!
The Admin setting up the new user MUST be the one to require MFA on accounts and not the user. A user follows the path of least resistance and unless followed up will almost NEVER add MFA as it is a "hassle" or "makes my life too hard".
In setting up a user, there should be a ticked box for "require MFA" that can only be unticked for read-only accounts, and only then after a warning.
An accounting system that does not enforce MFA - what could possibly go wrong...