MFA: Remember 'Trust this device' setting after 24 hours
I understand the ATO requires you to enter 2FA daily, but that doesn't mean the tickbox should uncheck itself every day.
If I tick trust this device on Monday and login using 2FA, I can then login without 2FA for 24 hours.
After that 24 hours, I need to login using 2FA again AND I have to tick the trust this device box again to get another 24 hour reprieve.
Let us tick the box or another box that will remember our choice ongoing. So each day I only have to login using 2FA again but my choice to trust that device for 24 hours is remembered.
-
Richard Tribe commented
How about the phrase is changed to:
Trust this device for 24hrs.
That way it would be clear it is *just 24hrs*.
('Trust this device' on most any other SaaS product usually means 30 days, not 24hrs)
-
Donna Moritz commented
Can't explain just how much this drives me crazy to have to log in on my home computer and trust this device, but then the device is not trusted. It's a stupid system and is massive overkill. Banking doesn't even make us jump through this many hoops. I'm all for security but this is ridiculous and unnecessary.
-
Gemma Boys commented
This drives me insane. What's the point of having a trust this device if it resets every single day? Defeats the purpose. What a frustrating thing to do each time I want access.
-
Stephen Halliwell commented
When I open the app on my phone, it remembers my password and I'm straight in. Why do I need to use the authenticator app on my phone to enable the computer to log in? Isn't the purpose of multifactor authentication to detect if it's a new device and if so THEN require another verification step. I'm VERY frustrated that I need to use the authenticator app everyday!
-
Jordan Tanner commented
Xero has the most aggressive MFA of any software platform I use (BY FAR), including that of my bank.
Please allow users (or admins) the option to relax MFA timeout.
-
Sam Gray commented
@Koti,
It used to work like 1 and 3 (30 days) then they changed it to work like 1 and 3 but only for 24 hours.
They won't go back to 30 days...
What I want in lieu of that is for them to keep the box ticked (if I tick the box), so that when I am forced to use MFA on logging in >24h later, I don't have to tick the box again and I won't have to use MFA again for 24h (unlike now, where I do, if I forget to tick the box when logging in on day 2).
-
Koti Karthick Kumar Vankayala commented
I work as a senior Identity and Access Management consultant, and my recommendations are below:
1. If a user checks the box 'trust my device', then trust the device and skip MFA for the next login.
2. If the duration until the next login is more than 3 days (ideally, considering the weekend), ask for MFA again; else keep skipping the MFA. This is like idle time in the login behaviour.
3. Consider refreshing MFA every 30 days. This means even if the user is regularly logging in, force them to MFA after 30 days. This is the max MFA duration. I can provide clearer instruction if required.
Cheers.
-
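Editor's note: the three rules above (trust on tick, re-prompt after an idle gap, re-prompt after a hard maximum) are a complete device-trust policy, so here is an added worked example of how a server would enforce them. This is illustrative code written for this page, not Xero's implementation; the 3-day idle limit and 30-day maximum are the values proposed in the comment, and the user name, start date and login schedule are constructed test data. The security points it shows that the comment does not spell out: the "trust" is an unguessable server-issued token rather than a client-side flag, only its hash is stored, it is bound to the user it was issued to, and it is revoked (not merely ignored) the moment either limit is crossed.

```python
"""Device-trust policy for MFA: skip the second factor on a trusted device,
re-prompt after an idle gap, and re-prompt after a hard maximum lifetime."""
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Policy knobs; the 3-day and 30-day values are the ones proposed in the thread.
IDLE_LIMIT = timedelta(days=3)     # rule 2: re-prompt if the device has been idle this long
MAX_LIFETIME = timedelta(days=30)  # rule 3: re-prompt this long after the last MFA, regardless

# Constructed reference date for the scenario below (assumption, not from the page).
START = datetime(2024, 1, 1, tzinfo=timezone.utc)


def at_day(n: int) -> datetime:
    """Timestamp n days after START."""
    return START + timedelta(days=n)


@dataclass
class TrustRecord:
    user_id: str
    mfa_completed_at: datetime  # when the second factor was last satisfied
    last_seen_at: datetime      # last login that relied on this record


class DeviceTrustStore:
    """Server-side store of trusted devices, keyed by the hash of the cookie token."""

    def __init__(self) -> None:
        self._records: dict[str, TrustRecord] = {}

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash, so a leaked database does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str, now: datetime) -> str:
        """Called after a successful MFA when the user ticked 'trust this device'.
        Returns the opaque token to set in an HttpOnly, Secure cookie."""
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self._records[self._key(token)] = TrustRecord(user_id, now, now)
        return token

    def needs_mfa(self, user_id: str, token: str | None, now: datetime) -> tuple[bool, str]:
        """Decide whether this login must complete MFA. Returns (needs_mfa, reason)."""
        rec = self._records.get(self._key(token)) if token else None
        if rec is None or rec.user_id != user_id:
            return True, "no trusted device"           # rule 1 not satisfied
        if now - rec.last_seen_at > IDLE_LIMIT:
            del self._records[self._key(token)]        # idle too long: revoke
            return True, "idle limit exceeded"         # rule 2
        if now - rec.mfa_completed_at > MAX_LIFETIME:
            del self._records[self._key(token)]        # too old: revoke
            return True, "max lifetime exceeded"       # rule 3
        rec.last_seen_at = now                         # refresh the idle clock
        return False, "trusted device"


def run_scenario(login_days: list[int] | None = None) -> list[tuple[int, bool, str]]:
    """Simulate one user logging in on the given days (constructed data), ticking
    'trust this device' whenever MFA is demanded. Returns (day, needs_mfa, reason)."""
    if login_days is None:
        # Mon/Tue/Wed, nothing until the following Sunday, then every day for a month.
        login_days = [0, 1, 2, 6] + list(range(7, 38))
    store = DeviceTrustStore()
    token: str | None = None
    results = []
    for day in login_days:
        now = at_day(day)
        needs_mfa, reason = store.needs_mfa("alice", token, now)
        if needs_mfa:
            token = store.issue("alice", now)  # user completes MFA and re-ticks the box
        results.append((day, needs_mfa, reason))
    return results


if __name__ == "__main__":
    for day, needs_mfa, reason in run_scenario():
        if needs_mfa:
            print(f"day {day:2d}: MFA required ({reason})")
```

Run as a script, the scenario prompts for MFA exactly three times: on the first login, on the Sunday after a four-day gap (idle limit), and on day 37 even though the user has logged in every day since (maximum lifetime). Remembering the state of the tick box itself, which is what the original post asks for, is a separate per-user preference and is independent of how long the token lives.
-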
Chris Clark commented
Totally agree... I love Xero, but I absolutely HATE that I have to use 2FA every time I login. You really should allow remembering my authenticated login for a period of time (ideally around 30 days). I have many companies which have Xero accounts and all of my various teams that use Xero lose time from having to login with 2FA EVERY time. This is literally costing me thousands and thousands of dollars of productivity each year across all my companies/people using Xero.
-
Grant McQuoid commented
Now that we have daily authentication when logging into Xero, why do we have to also tick the Trust this device button? Please remove that requirement; it's a needless click which is inefficient.
I'd also recommend you challenge your development team to reduce the number of clicks to do things in Xero, at times it feels like your programme constantly requires multiple menu clicks to do things when one selection should be enough.