MFA | Add support for Yubikey
Please can you add support for Yubikeys, the development webpage is here:

Thanks for sharing with us here, everyone. We appreciate why you'd like simpler methods to improve efficiency when logging in to use Xero.
Our product team have started some work to enable logging into Xero using passkeys. As mentioned in some of your comments, this'll support Yubikeys by default.
For now, we'll move this idea to Under review and I'll come back to keep you updated on the latest news for this feature.
-
Tracy Phua commented
ETA please
-
Josh De Raadt commented
Everyone voting for this should also vote for SSO. Crazy that they're happy to increase price without one acceptable login method that meets cybersecurity requirements in Australia. I have customers looking to move away from Xero for these features.
-
Jonathan Greene commented
+245 days later... no Yubikey support. Yubikey without a passkey please.
-
Jason Loeken commented
Please provide an ETA for this.
-
Jonathan Greene commented
Is there an ETA for YubiKey support?
-
Jonathan Greene commented
There is a distinction between using a YubiKey and a Using a Yubikey with a passkey. I request YubiKey ONLY.
Passkeys add friction and the YubiKey request is to REDUCE friction.
Also, please support multiple Yubikeys per user.
-
Josh De Raadt commented
If not offering SSO, this is essential.
-
Andrew Richards commented
It's now 8 months since you moved this to "Under review". How long will it take to review something so critical as modern security?
-
Tim Burne commented
Hi, any updates on this?
-
Kirsten Crutchley commented
Second all comments below, this is an essential addition.
-
Jason Loeken commented
Please Add Fido2 authentication as this will speed up MFA and 2FA auth.
it will work on phones via NFC contact of the key to your phone and with workstations you need to tap the sensor. we use it for all our other security MFA applications.
- Faster to log in
- Most secureFIDO2 is the best...
-
John Crane commented
A core driver for cyber criminals is to steal money. It should be a standard offering to have a hardware based, phishing resistant authenticator like Yubikey on a financial system. Please take this seriously Xero.
-
Ben Curthoys commented
I just got a pair of Yubikeys because AWS was nagging me constantly for MFA and I worry about losing my phone.
Did not occur to me to check in advance whether Xero would support Yubikey, I just assumed it would, and I'm honestly shocked and a bit embarrassed for you that you don't.
-
Iain Elder commented
Just started using Xero.
Every time I log in it wants me to set up MFA.
Yubikey is my preferred option here.
-
Stephen Gallaher commented
Support for hardware security keys like Yubikey would significantly enhance security of Xero. Because we are storing sensitive financial data, we need to have strong control over access that security keys provide.
-
John Moseley commented
We want to make use of the Yubikey solution to improve the security of access to Xero.
-
Joe McBrien commented
100% agree
-
Noel Dixon commented
I just purchased a set of Yubikeys, so this would be a great option, yet I thought it would have already been available? This request may perhaps go the way of the years long requests for dark mode.
-
Bob Anderson commented
+1 please add this option to make access to Xero more secure.
-
Nigel Herring commented
Time to get ahead of the curve Xero. Provide support for Yubico. Customers don't want multiple processes or proprietary keys. One key for everything. Get it happening.