Skip to content
← Share and support customer ideas for Xero

Settings and activity

1 result found

  1. MFA | Remove requirement to use

    12 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    10 comments  ·  For small businesses » Settings & user roles  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Not in pipeline  ·  AdminKelly Munro (Community Manager, Xero) responded

    Hi everyone, we appreciate your feedback about multi-factor authentication, and this has been shared with our teams internally. Security and protecting your data is highly important to us and we want to be upfront that we don't have any plans for removing the requirements for logging into Xero with multi-factor authentication.

    That said, we're continuing to improve the experience and offering more ways to verify your identity when logging into Xero.

    An error occurred while saving the comment
    Chris Cataldo commented  · 

    This is extremely annoying and it's not normal to be asked for MFA every single hour.

    I logged a support ticket and was advised:

    "The multi factor authentication to not have Xero open without a password for more than one hour is a requirement from the ATO. We're unable to extend our log-out time past 60 minutes, as we do hold a lot of sensitive information including bank data and we're required to be as secure as online banking."

    The information provided was not accurate as the ATO do not stipulate this. Below is the ATO link Xero provided me which states ""Remember me functionality must be limited to less than 24 hours."

    https://softwaredevelopers.ato.gov.au/RequirementsforDSPs

    Xero should hide the Remember me button as it clearly has no function whatsoever.