Better manage authentication on web browser using private tabs
I log into Xero (employee) from a desktop running Firefox in a private window (NoScrip, Addblock, Ghostery disabled for Xero).
There are no cookies available to the session, so it always looks like a new device.
Xero asks for authentication via the Xero app on my mobile (real 2-factor in this scenario).
Once logged in, in this manner, some sections still are not happy (review payslips) and want another confirmation. In this case via email.
I'm not sure what window this 3rd factor is closing.
If the mobile authenticator is secure, this 3rd factor should not be required.
If I am on the desktop of a customer, I have access to their email; this 3rd factor is not a secure authentication.
Thanks for submitting your idea on Xero Product Ideas. We appreciate you taking time to let us know how we could improve Xero for you.
Your feedback will soon be reviewed by our Community team, and in the meantime this can begin to build support with votes from other community members.
If you're interested to see recent releases or get a pulse on what's coming soon see The Long and Short of it. 🙂