Xero users demand two-factor authentication

By

Company won't give timeframe for introduction.

Hosted accounting vendor Xero has come under pressure from users to offer two-factor authentication to secure access to its services.

Xero users demand two-factor authentication
Rod Drury, chief executive of Xero.

Xero users have since April 2013 taken to the company's community forums to lobby for the introduction of two-factor authentication, which they say is necessary to secure the sensitive information such as bank account details and payroll data held by Xero.

Two-factor authentication (2FA) for websites uses a challenge and response code sent out of band using channels such as SMS texts over mobile networks.

However, despite previously talking up the importance of 2FA security, the company is still yet to offer the feature.

Xero customer and CEO of web design firm Itomic, Ross Gerring, told iTnews users of the cloud accounting software were "gobsmacked that Xero haven't prioritised offering 2FA for their users, or even adequately explained to us why they clearly don't think it's a priority".

Gerring has set up an online petition at Change.org hoping to persuade Xero to introduce 2FA.

Founder and chief executive of Xero Rod Drury told iTnews the cloud accounting firm would offer 2FA for customers, but wouldn't be drawn on a timeframe for introduction.

Xero product manager Andrew Tokeley told iTnews 2FA was not a current priority for the company.

"We do understand the importance of 2FA for some of our users and agree that it's a necessary step to take," Tokeley said.

"We are actively engaging with them on [the Xero] community but are currently working on a number of other highly requested features.

"We appreciate the feedback that we receive and will update our customers as soon as we have more information."

Xero is not alone among financial software companies in being slow to implement 2FA.

Of the 14 listed on tracker website TwoFactorAuth, which includes Xero competitor Intuit, only the company’s Kiwi personal finance outfit Pocketsmith supports the additional security measure.

Saasu and MYOB were also not listed as offering 2FA.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?