MFA | Add support for Yubikey
Please can you add support for Yubikeys, the development webpage is here:
Thanks for sharing with us here, everyone. We appreciate why you'd like simpler methods to improve efficiency when logging in to use Xero.
Our product team have started some work to enable logging into Xero using passkeys. As mentioned in some of your comments, this'll support Yubikeys by default.
For now, we'll move this idea to Under review and I'll come back to keep you updated on the latest news for this feature.
-
Gabriel Brady
commented
This absolutely positively boggles the mind... Xero is slipping. Xero used to be innovative and first to market... those days are long gone...
At least Xero doesn't support SMS-based 2FA like some of the major banks...
It was officially deprecated by NIST in 2016....
https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html
Get with it Xero, the world is moving to passkeys...
Security is a bare minimum requirement. It is a necessary but not sufficient condition. Without security there is no value to anything else you do...
This is what happens when management starts to become non-technical...
-
Pablo Maurin
commented
+1
I'm a new Xero user. I selected the product because of the automated bank feeds, invoicing, and what looks like an effort to allow external developers (https://developer.xero.com/) to build tools that interact with it.
I am shocked to learn that the best Xero can do for security is just an authenticator app.
I would like the accounting system that is essential for managing ALL of my company financials, and literally moving money in and out of my accounts, to be protected by modern security best practices. In this case, hardware keys and passkeys.
-
Jonathan Greene
commented
Xero, celebrating 329 days of Yubikey feature review!
-
Ben Moran
commented
+1
-
Kristen Zwarts
commented
Any ETA on this?
-
Sawan Patel
commented
Please enable support for hardware security keys
-
Tracy Phua
commented
ETA please
-
Josh De Raadt
commented
Everyone voting for this should also vote for SSO. Crazy that they're happy to increase price without one acceptable login method that meets cybersecurity requirements in Australia. I have customers looking to move away from Xero for these features.
-
Jonathan Greene
commented
+245 days later... no Yubikey support. Yubikey without a passkey please.
-
Jason Loeken
commented
Please provide an ETA for this.
-
Jonathan Greene
commented
Is there an ETA for YubiKey support?
-
Jonathan Greene
commented
There is a distinction between using a YubiKey and using a YubiKey with a passkey. I request YubiKey ONLY.
Passkeys add friction and the YubiKey request is to REDUCE friction.
Also, please support multiple Yubikeys per user.
-
Josh De Raadt
commented
If not offering SSO, this is essential.
-
Andrew Richards
commented
It's now 8 months since you moved this to "Under review". How long will it take to review something so critical as modern security?
-
Tim Burne
commented
Hi, any updates on this?
-
Kirsten Crutchley
commented
Second all comments below, this is an essential addition.
-
Jason Loeken
commented
Please add FIDO2 authentication as this will speed up MFA and 2FA auth.
It will work on phones via NFC contact of the key to your phone, and with workstations you need to tap the sensor. We use it for all our other security MFA applications.
- Faster to log in
- Most secure
FIDO2 is the best...
-
John Crane
commented
A core driver for cyber criminals is to steal money. It should be a standard offering to have a hardware-based, phishing-resistant authenticator like Yubikey on a financial system. Please take this seriously Xero.
-
Ben Curthoys
commented
I just got a pair of Yubikeys because AWS was nagging me constantly for MFA and I worry about losing my phone.
Did not occur to me to check in advance whether Xero would support Yubikey, I just assumed it would, and I'm honestly shocked and a bit embarrassed for you that you don't.
-
Iain Elder
commented
Just started using Xero.
Every time I log in it wants me to set up MFA.
Yubikey is my preferred option here.