UK Payroll - change the standard password, set by Xero, when emailing payslips
Ability to change the standard Xero password when emailing payslips.
Purpose - if emails were hacked, the current standard password (initials & birthdate) set by Xero is easily guessed. It should be possible within Xero to change this standard password.

-
Caroline Lewis commented
Using the national insurance number is better than the current format; it is not easily known by many people and is much more secure than initials and date of birth. The current facility does not seem to comply with GDPR, with how easy it would be for anyone to know or find out.
-
Anna Jagric commented
The current process of initials and DOB is a weak protection for very sensitive data. It is easily guessable. As an employer and therefore a data controller, it is potentially open to a data breach. This NEEDS to be escalated as an urgent product request.
-
Steven Coultas commented
Why is this not an immediate issue for Xero to address? Such poor security reflects very badly on them.
-
Louis Kenney commented
What makes this worse is that the details on the password format are provided with the payslip.
-
Susie York Skinner commented
Would be great for employees to be able to change their password for payslip, or for them to be given an auto-generated password. Am staggered that Xero have such poor security on payslips - just initials and date of birth, which is easily discovered / widely known data.
-
Susie York Skinner commented
Can I ask that Xero urgently review their password protocol for payslips? At present it is the employee's initials and date of birth. The minute anyone has a significant birthday, DoB will be known to all colleagues and security protocols for payslip totally undermined. I'm astonished that Xero think this is an acceptable level of security.