32 results found
-
Xero log in - Choose default organisation
Set the demo company as the first company seen on log-in, or be able to set which one you want to see.
I often use my laptop when speaking with clients and for a split second after logging-in I am on another clients business dashboard until I can grab the mouse and change it to their business. I don't think this is good business practice.
21 votesThanks for sharing this idea about choosing a default landing organisation, for when you first log into Xero.
We've reviewed this suggestion, and now it's up to the community to get behind and support it. Make sure you share your idea with any colleagues that this could benefit, so they can add their votes and comments about how this would help them, too!
-
MFA | Add support for Yubikey
Please can you add support for Yubikeys, the development webpage is here:
73 votesThanks for sharing with us here, everyone. We appreciate why you'd like simpler methods to improve efficiency when logging in to use Xero.
Our product team have started some work to enable logging into Xero using passkeys. As mentioned in some of your comments, this'll support Yubikeys by default.
For now, we'll move this idea to Under review and I'll come back to keep you updated on the latest news for this feature.
-
Xero Accounting app - Password Confirmation
The mobile app currently does not ask you to confirm your password when you setup a pin for your account. If you were to miss-enter your pin, which is easy to do, you essentially immediately lock yourself out of your account. The system should ask for a pin, then ask you to confirm the pin before finalising it, allowing you to go back a step if you enter in the wrong pin.
3 votesHi 👋 your idea is being looked into by our Community team. We will be in touch soon to update you once your idea has been reviewed.
-
Multi-Factor Authentication: Support for third party push notifications
With the recent changes to MFA dropping the remember devices from 30 days to 24 hours, the MFA prompt is now far more often (which is of course more secure) however it does slow down login.
Could you please look at updating the MFA configuration to allow push notifications to the mobile authentication app, or better still the number match, which is far more secure. Examples from Microsoft is below, but the priciple would apply in most major platforms.
https://learn.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-number-match
This would improve the user experiance over the token, but also improve the security overall.
Thanks
Dave33 votesThanks for sharing your idea, and letting us know the changes that matter most for you.
Now it's up to the community to get behind and support this idea. Make sure you share it with any colleagues that this could benefit, so they can add their vote too!
In the meantime, you might like to use Xero's own authenticator app, Xero Verify, which does support push notifications when you log in.
-
MFA - Allow setup of Multi-Factor Authentication on first Login
Currently, when you invite a brand new user to Xero who has never used Xero before:
1) on first log in you need to register for Xero & set password
2) on second log in, it asks you to set up multi-factor authentication (MFA)It would be great if MFA could all be set up in the first log in as it creates confusion for the new user on the second log in. Its also easier for accountants when helping clients to set up new log ins if it could all be done at once, rather than Register > log…
2 votesHi 👋 your idea is being looked into by our Community team. We will be in touch soon to update you once your idea has been reviewed.
-
Login - Remember 'Trust this device' setting for MFA after 24 hours
I understand the ATO requires you to enter 2FA daily, but that doesn't mean the tickbox should uncheck itself every day.
If I tick trust this device on Monday and login using 2FA, I can then login without 2FA for 24 hours.
After that 24 hours, I need to login using 2FA again AND I have to tick the trust this device box again to get another 24 hour reprieve.
Let us tick the box or another box that will remember our choice ongoing. So each day I only have to login using 2FA again but my choice to trust…
20 votesThanks for sharing this idea about remembering the 'Trust this device' checkbox if you previously ticked it.
We've reviewed this idea, and now it's up to the community to get behind and support it. Make sure you share your idea with any colleagues that this could benefit, so they can add their votes and comments too!
-
MFA - Option to switch between devices in Xero Verify
Changing MFA devices for Xero Verify brings over your accounts but on the Xero Identity Account page, when you attempt to change the device it makes you re-set up the account / code in Xero Verify. Would love to just have a 'change linked device' with a drop down of devices that have Verify attached to the account.
2 votesThanks for sharing your idea, and letting us know the changes that matter most for you.
We're keeping an eye on the support for this idea through the forums here, so make sure to share with any colleagues that would find this useful too.
-
MFA | Remove requirement to use
Get rid of this stupid MFA on EVERY sign in.
It used to be monthly which was bad enough, now it is a constant pain having to use an authentication device just to get access to Xero. MFA is a complete waste of user time. My bank doesn't use it and I trust them not to lose my money, so why does accounting software need it?
If the ATO insists on it with their stupid STP, then link it to STP and nothing else.13 votesHi everyone, we appreciate your feedback about multi-factor authentication, and this has been shared with our teams internally. Security and protecting your data is highly important to us and we want to be upfront that we don't have any plans for removing the requirements for logging into Xero with multi-factor authentication.
That said, we're continuing to improve the experience and offering more ways to verify your identity when logging into Xero.
-
Login - Option to set login preference to 'My Xero' if part of a practice
Have the option to set your Preference to logging in to 'My Xero' instead of Xero HQ or Lsat Client you were in.
4 votesThanks for your engagement and letting us know the changes that matter to you, Bailey.
We've reviewed your idea again and I've slightly updated the title so this is clearer to others members on the site. We'll continue to track the interest your idea receives here, however there are no plans to change these preferences at present.
-
MFA - Touch ID and Face ID verification
Implementing touch ID/Face ID verification for users to log into Xero.
Purpose: Users can have more variety on how to log in.
8 votesHi team, as another update surrounding passkeys we wanted to share that this week we've released passkey log in for Xero Me app users who haven't set up MFA yet. This is just the first stage, and over the coming months we'll progressively make this feature available to more users. I'll be back to share more as passkeys become available to more users.
-
Login - Don't Log Me Out/Extend Log Out Time (more than 60 minutes)
Develop the feature where Xero doesn't log user out time is extended for more than 60 minutes when it’s idle.
Purpose: Because having to log in again can disrupt users' workflow, which some users had to be interrupted as they’re also taking care of their business at the same time.
1,093 votesHi everyone, we appreciate the interest surrounding this idea, however we want to be open that we're unable to extend our log-out time past 60 minutes. Xero hold a lot of sensitive information including bank data and we're required to be as secure as online banking.
Any session information running on a web browser can potentially be stolen. If the session does not time out. You then have an infinitely long vulnerability window to session hijacking. Our best option is to keep a tight expiration window on the session cookie, and regenerate them frequently. Even setting a long timeout doesn't help with this - too long a timeout will greatly increase the risk of invasion or potentially jeopardise your personal data and the safety and integrity of the Xero application itself. This is why we maintain control of this.
If we detect there's been no activity on a page (e.g… -
Login - Enable Microsoft Entra ID Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
656 votesHi everyone, we appreciate all the feedback and votes on this idea. We know using Microsoft Entra ID SSO is now common practice for some businesses and being able to access Xero via a native integration with Entra ID would streamline how your teams log in and get set up in Xero, as well as help in managing access for larger teams and keeping things secure.
Our product team have been working with a small limited group of Partners to develop SSO capabilities. Though we can't give any definite timelines yet, we’ll keep this thread updated with news. Thanks
- Don't see your idea?