This is extremely annoying and it's not normal to be asked for MFA every single hour.
I logged a support ticket and was advised:
"The multi factor authentication to not have Xero open without a password for more than one hour is a requirement from the ATO. We're unable to extend our log-out time past 60 minutes, as we do hold a lot of sensitive information including bank data and we're required to be as secure as online banking."
The information provided was not accurate as the ATO do not stipulate this. Below is the ATO link Xero provided me which states ""Remember me functionality must be limited to less than 24 hours."
This is extremely annoying and it's not normal to be asked for MFA every single hour.
I logged a support ticket and was advised:
"The multi factor authentication to not have Xero open without a password for more than one hour is a requirement from the ATO. We're unable to extend our log-out time past 60 minutes, as we do hold a lot of sensitive information including bank data and we're required to be as secure as online banking."
The information provided was not accurate as the ATO do not stipulate this. Below is the ATO link Xero provided me which states ""Remember me functionality must be limited to less than 24 hours."
https://softwaredevelopers.ato.gov.au/RequirementsforDSPs
Xero should hide the Remember me button as it clearly has no function whatsoever.