Multi-factor authentication to become mandatory for users of accounting software

Multi-factor authentication (MFA) is becoming the norm for any new and existing digital accounts. MFA adds a second level of security when logging in. This additional layer of security keeps your account safe and helps when recovering lost accounts or passwords.   

Recently, Xero has revealed that MFA will be mandatory for all accounting partners in the UK at some point in 2021, followed by all users soon after. I believe other accounting software providers will soon follow suit, such as QuickBooks, Sage, and Free Agent. They will likely make MFA compulsory to use their software.   

MFA has been mandatory in Australia since 2018, due to an Australian Tax Office requirement.

What is MFA?

It combines something you know (for example, your email address and password) with something you have (an authenticator app on your smartphone or tablet). If you don’t have a smartphone or tablet, you can install MFA software such as Authy or WinAuth (for Windows) on a laptop or desktop computer.

This second layer of security works by generating a 6-digit security code that changes every 30 seconds, and is only accessible by the smartphone, tablet, or software installed to act as the second layer. It’s designed to stop anyone else from accessing your account, even if they know your password.  

Xero has created its own application for MFA (Xero Verify), available for Xero users, which sends a push notification to your device to accept or deny access, or provides you with a 6-digit code. 

Another app, another delay?   

You may be reticent to install and use another app. However, the reason behind this is to support and secure your data and accounts. It’s also very quick; when the Xero Verify mobile app sends a push notification to a mobile device, it takes around five seconds to accept and log in.

It’s very easy to set up!  

Make your way to your account settings, where you’ll see a section for Multi-Factor Authentication, and here you can enable it.  

Once you download your chosen authenticator app, on a tablet or smartphone, you scan a QR code with your device’s camera, or type in the 6-digit code if using a laptop or desktop computer. You then enter the first of the generated codes to verify. Your MFA is now enabled.   

I recommend that you look to get ahead of the curve and enable this as soon as possible, not only to eventually stay compliant, but to lock down and secure your data to only those who need it!   

We can help you

At Larking Gowen, our teams already have MFA enabled, which is helping secure our clients’ data. So, as cyber threats grow, we’re making sure we’re doing everything possible to keep these at bay.  

We’re setting up all new users with MFA functionality in QuickBooks and Xero, but if you’re already using the software and you need support with enabling this extra security, please get in touch with your usual Larking Gowen contact and we’ll assist you. You can find contact details on the Our People section of the Larking Gowen website. Alternatively, call 0330 024 0888 or email enquiry@larking-gowen.co.uk.

Ryan Ebbage