Xero users demand two-factor authentication

By

Company won't give timeframe for introduction.

Hosted accounting vendor Xero has come under pressure from users to offer two-factor authentication to secure access to its services.

Xero users demand two-factor authentication
Rod Drury, chief executive of Xero.

Xero users have since April 2013 taken to the company's community forums to lobby for the introduction of two-factor authentication, which they say is necessary to secure the sensitive information such as bank account details and payroll data held by Xero.

Two-factor authentication (2FA) for websites uses a challenge and response code sent out of band using channels such as SMS texts over mobile networks.

However, despite previously talking up the importance of 2FA security, the company is still yet to offer the feature.

Xero customer and CEO of web design firm Itomic, Ross Gerring, told iTnews users of the cloud accounting software were "gobsmacked that Xero haven't prioritised offering 2FA for their users, or even adequately explained to us why they clearly don't think it's a priority".

Gerring has set up an online petition at Change.org hoping to persuade Xero to introduce 2FA.

Founder and chief executive of Xero Rod Drury told iTnews the cloud accounting firm would offer 2FA for customers, but wouldn't be drawn on a timeframe for introduction.

Xero product manager Andrew Tokeley told iTnews 2FA was not a current priority for the company.

"We do understand the importance of 2FA for some of our users and agree that it's a necessary step to take," Tokeley said.

"We are actively engaging with them on [the Xero] community but are currently working on a number of other highly requested features.

"We appreciate the feedback that we receive and will update our customers as soon as we have more information."

Xero is not alone among financial software companies in being slow to implement 2FA.

Of the 14 listed on tracker website TwoFactorAuth, which includes Xero competitor Intuit, only the company’s Kiwi personal finance outfit Pocketsmith supports the additional security measure.

Saasu and MYOB were also not listed as offering 2FA.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
securityxero

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?