Skip to content

Settings and activity

1 result found

  1. 11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Chris Cataldo commented  · 

    This is extremely annoying and it's not normal to be asked for MFA every single hour.

    I logged a support ticket and was advised:

    "The multi factor authentication to not have Xero open without a password for more than one hour is a requirement from the ATO. We're unable to extend our log-out time past 60 minutes, as we do hold a lot of sensitive information including bank data and we're required to be as secure as online banking."

    The information provided was not accurate as the ATO do not stipulate this. Below is the ATO link Xero provided me which states ""Remember me functionality must be limited to less than 24 hours."

    https://softwaredevelopers.ato.gov.au/RequirementsforDSPs

    Xero should hide the Remember me button as it clearly has no function whatsoever.