How to make sure you don’t get locked out of your Xero account

While it may seem like an inconvenience, 2 Step Authentication (also known as 2SA or 2FA) is essential to keeping your vital financial information secure from being hacked. 2SA adds an extra layer of protection by combining something only you ‘have’ (i.e. your phone with a code on it) with something you ‘know’ (i.e. your username and password). So even if someone could guess or crack your password, they still can’t get in without the specific code generator on your phone.


We often hear of users who change mobile phones, or lose the one containing their authentication code generator app, and find themselves locked out of Xero. A couple of simple steps taken now can prevent the frustration and lost time of trying to recover your Xero account should you no longer have access to the phone with the code generator on it.

The next option, if you don’t have your code generator app, is to choose Use Another Authentication Method, a link directly under the box where you are prompted to enter the 2SA code. It takes you to a screen where you can also choose to enter the answers to your security questions or reset your password via an alternative email.

These alternate methods only work if you’ve set them up ahead of time. If you haven’t set these methods up before you lose your code generator app, it’s too late. The only other option available to you is to contact Xero by email at security@xero.com; they will take you through a process of proving your identity for security reasons. There is no phone support option to do this immediately.

Once you’re already up and running with 2SA, you can change your security or recovery email address by disabling 2SA and then re-enabling it. This requires a working code generator. See the Xero Central Support article on managing your 2SA for details.


If you have a bookkeeper, accountant or other Xero advisor set up with administrative access to your file, they could invite you in as a new user with a different email address as a temporary measure to keep you working while you get your original account recovered.


Set up (and make sure you remember) your Xero security questions and answers, as well as a backup email, to give you other options to get into your account if you lose your authentication code generator app.

Transfer your code generator to your new phone before decommissioning your old one, if possible! See this article on Xero Central for details on how to move your authenticator to a new phone.

Have a trusted party set up as an advisor in your file so they can always invite you in under a different email address in an emergency.

