Skip to content
← For small businesses

Enter your idea

For small businesses: Payroll

Categories

(thinking…)

UK Payroll - change the standard password, set by Xero, when emailing payslips

Ability to change the standard Xero password when emailing payslips.

Purpose - if emails were hacked, the current standard password (initials & birthdate) set by Xero is easily guessed. It should be possible within Xero to change this standard password.

23 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Pauline Lemon shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anna Jagric commented  ·   ·  Report

    The current process of initials and DOB is a weak protection for very sensitive data. It is easily guessable. As an employer and therefore a data controller it is potentially open for data breach. This NEEDS to be escalated as an urgent product request.

  • Steven Coultas commented  ·   ·  Report

    Why is this not an immediate issue for Xero to address? Such poor security reflects very badly on them.

  • Louis Kenney commented  ·   ·  Report

    What makes this worse is that the details on the password format are provided with the payslip.

  • Susie York Skinner commented  ·   ·  Report

    Would be great for employees to be able to change their password for payslip, or for them to be given an auto-generated password. Am staggered that Xero have such poor security on payslips - just initials and date of birth, which is easily discovered / widely known data.

  • Susie York Skinner commented  ·   ·  Report

    Can I ask that Xero urgently review their password protocol for payslips? At present it is the employee's initials and date of birth. The minute anyone has a significant birthday, DoB will be known to all colleagues and security protocols for payslip totally undermined. I'm astonished that Xero think this is an acceptable level of security.