Let's take security seriously
Xero will soon start making two-step authentication (2SA) compulsory for all business clients, just as it has for accountants. An opt-in period has now begun for subscribers and Payroll administrators, and 2SA will be mandatory by September 11. By the end of this year, every user with access to Xero in Australia will be required to take up 2SA.
Imposing the take-up of enhanced security is one way to keep your information as safe as it can be. Head of Xero Security Paul Macpherson is known to say that a system is only as good as the weakest link in the chain, and 2SA is like putting that extra deadbolt on the door. As modern security measures become increasingly mandated in this way, with wide-scale rollouts supported by government offices like the ATO, security will become a mainstream part of life and business.
We take this opportunity to share some key, easy-to-implement steps and to encourage our clients to:
Activate 2SA across Xero and all other available systems, like bank accounts and email providers. The extra authorisation that 2SA requires at login means that cracking a password isn’t enough for a hacker to gain access. For more information about 2SA in Xero, visit the help centre.
Have strong, unique passwords that you use only once. A weak password is equivalent to having a dodgy lock on your door – it’s easy to break if someone wants in. Password-manager software can help you create and manage strong passwords that are different for every site. Doing so will help prevent a compromise of one login turning into a compromise of many.
Set up an alternative email, so you can link your two-step authentication to a second verified email address. This provides clients with an easy fallback option in the event that the authenticator app on their smartphone isn’t available.
Check out cyber resilience resources such as our Introduction to Cloud Security small business guide, the Australian Securities and Investments Commission (ASIC) resource hub, and this handy resource from Get Safe Online. CERT NZ, the national Computer Emergency Response Team over in New Zealand, also shares a range of useful (and universal) information in the form of easy-to-digest cyber security guides.
And of course, if you have any questions regarding the implementation of 2SA, please do not hesitate to contact our office.