Why Two-Step Authentication Matters for Xero and MYOB Users

Small businesses are becoming prime targets for cyber attacks – often due to lighter security measures and a lack of internal policies. One of the simplest, most effective ways to protect your accounting data is to enable Two Step Authentication (2SA) – also called two-factor authentication.

At Oxygen8, we’ve seen firsthand how this small step has saved clients from devastating financial and operational damage.

What Is Two Step Authentication?

Two Step Authentication adds an extra login step for your accounting software. In addition to your usual password, you must also enter a code sent to your mobile or generated by an authenticator app.

Xero refers to this as 2SA
MYOB refers to it as Two Factor Authentication

This extra step ensures that even if someone has your password, they can’t log in without that unique, temporary code.

Real-World Cyber Threats 2SA Can Prevent

By enabling 2SA, you protect your business from:

Intercepted invoices – Hackers replace your bank details with theirs before payment is made
Spoofed payments – You’re tricked into paying fraudulent invoices that look legitimate
Credential stuffing – Hackers use stolen credentials from other sites to access your accounts

With 2SA in place, these attacks are stopped before any damage is done.

How to Enable It

Both platforms make it easy:

Xero Setup Instructions
MYOB Setup Instructions

Tip: Ensure everyone with access to your software – not just administrators – has 2SA enabled.

Client Story: Shape

“We didn’t just get advice – we got belief in what we were building.”
– Shape

Shape, a commercial furniture provider, didn’t consider themselves a target – until they were. Oxygen8 helped them implement 2SA, create secure workflows, and boost pricing confidence. The result? They avoided a costly breach and improved their entire operational foundation.

Today, Shape has doubled its pricing without losing clients, grown their team, expanded into multiple cities, and secured their systems – starting with this crucial protection step.

Final Thoughts

Two Step Authentication is free, fast, and critical. It’s a modern business essential – especially when your accounting software holds so much sensitive data.

If you’re unsure where to begin, Oxygen8 can help you implement smart, secure systems to future-proof your business.

Meet the consultant: Anna Gordon

With a proven track record of driving business growth in both large companies and her own ventures, Anna Gordon is an entrepreneur and business consultant focused on helping small and medium-sized businesses succeed.

Based in Auckland, she combines strategic insight and structure with practical know-how to help companies scale efficiently, build strong cultures, and achieve sustainable success.