Settings and activity
1 result found
-
379 votes
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on
An error occurred while saving the comment Nigel Clark supported this idea ·
Xero… It’s time you woke up to the risks of MFA compromise and token theft and enable the ability for your customers to include Xero within their own Zero Trust framework.
If you need convincing please check up on the following:
Zero Trust: https://www.microsoft.com/en-us/security/business/zero-trust
Conditional Access Policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
MFA token theft: https://www.menlosecurity.com/blog/the-art-of-mfa-bypass-how-attackers-regularly-beat-two-factor-authentication
This is something Xero should be using themselves to improve their own security and by the fact this is not high on your agenda for your customers leaves me thinking you are not applying best in class security across your own infrastructure.
Edit: Oh and please update the purpose on the initial request as it’s more about security and not just user experience.
Also, do not expect a large number of up votes for such a request as not many users will see the need for additional layers of security, yet targeted phishing attacks are on the rise and this is a high agenda item for any company who takes security seriously.