12 votes
Hi everyone, we appreciate your feedback about multi-factor authentication, and this has been shared with our teams internally. Security and protecting your data is highly important to us and we want to be upfront that we don't have any plans for removing the requirements for logging into Xero with multi-factor authentication.
That said, we're continuing to improve the experience and offering more ways to verify your identity when logging into Xero.
This is extremely annoying and it's not normal to be asked for MFA every single hour.
I logged a support ticket and was advised:
"The multi factor authentication to not have Xero open without a password for more than one hour is a requirement from the ATO. We're unable to extend our log-out time past 60 minutes, as we do hold a lot of sensitive information including bank data and we're required to be as secure as online banking."
The information provided was not accurate as the ATO do not stipulate this. Below is the ATO link Xero provided me which states "Remember me functionality must be limited to less than 24 hours."
https://softwaredevelopers.ato.gov.au/RequirementsforDSPs
Xero should hide the Remember me button as it clearly has no function whatsoever.