The Australian Tax Office (ATO) is introducing a new operational framework for software developers and for accountants and bookkeepers who use software to interact with the ATO. This new framework requires accountants and bookkeepers to use multifactor authentication when they login. This means any staff member of an Australian practice needs to have 2SA implemented in Xero by March 2018 to comply with the ATO Operational Framework. From March, if you don’t have 2SA, you won’t be able to access Xero Practice Manager, Xero Tax or Xero HQ.
To get your practice ready for this requirement, Xero will have optional 2SA in Xero for accountants and bookkeepers from late January. You can start to get your practice ready for 2SA now by ensuring everyone in your practice is using a unique login and not sharing passwords.
Install the authenticator Chrome extension
Best practive is to use the mobile app, for cases where this isnt possible a Chrome extension can be installed. If you do have access to a mobile device please follow this mobile article.
- Install the Chrome extension.
- Follow the installation to add the extension.
- Open the Extension and click on the pencil.
Set up two-step authentication in Xero
-
- Go to [Your Name], then click Account.
- Under the Two-step authentication heading, click Setup.
- Click enter your key manually.
- Below manual code will appear.
- Open the Chrome Extension and click on the Pencil.
- Click the + and select Manual Entry.
- Now enter Account: Xero Secrect: Key from Step 4( Remove Spaces)
- Click OK
- Back on Xero now click Next.
- A Xero will now request Authentication Code.Open the Chrome authenticator and enter the Xero Code into Xero as below, then click Next.
- Click Next.
- Select your three security questions and type answers, then click Next.These can be used as a backup if you don’t have your phone or the code is not working.
- Click Next, Done.
The next time you log in to Xero, you’ll need to enter your authentication code from your Chrome authenticator in addition to your email address and password.