In the world of accounting, technology has been at the forefront of our industry’s transformation.  With cloud accounting, businesses now have real-time insight into their exact financial position, at any time, from anywhere in the world.  Insight that can inform decisions, guide business direction and increase productivity, yet the growth of these platforms have also made the need for robust IT security even more important than it was previously.

On the 7th of March we attended the Xero Roadshow in London.  We heard about the many excellent features Xero have built into their software to keep their users data safe, however, we also heard how low the uptake of those features remains.  So, we felt it was time to highlight some of those key and easy to implement features and discuss the fundamentals for robust logon security. We’ll be running through passwords, two-step authentication and programmes that can remember your passwords for you.

Good practice for your passwords

“63% of confirmed data breaches leverage a weak, default, or stolen password”


We know, we know, you’ve probably heard it all before, however, secure passwords are just the beginning of a solid approach to security. A vital firm foundation on which all other security measures rely. The following three tips outline the basics of good practice for your passwords.


  1. Passwords should be changed regularly, ideally every month (you may want to automate this process, rather than rely on your staff remembering to take care of this task).
  2. They should contain at least one: upper case letter, lower case letter, number and special character, and be a minimum of 8 characters long.
  3. Passwords should never (ever) be written down or shared – if you struggle to remember the million and one passes that you hold for your everyday life, consider using a tried and trusted password management system – such as LastPass.
Two Step Security – Bolstering IT security for your most important apps
You may already experience two-step authentication when you log into your personal banking, such as having a pin pad into which your card slots or a simple hand-held number generator. This approach to security really bolsters your protection making the job of the cybercriminal all the harder.

When we look to cloud accounting platforms, we can take Xero as a shining example of two step security done right. Their two-step authentication allows businesses to:

  • Use your email and password alongside a unique code generated on your phone to overcome the prospect of stolen login details by phishing or malware.
  • See who’s using two-step authentication in the company and more to the point, identify who’s not (they say that the weakest chain in any security link are humans and this may be a prime example)

Xero also provides users with other benefits that help monitor the security of your data:

  • Check when and where you last logged in – and report any logins that don’t look right
  • Benefit from an entire team of world-class security experts, as XERO are continually pushing their security efforts forward