Exciting news, Xero has recently announced its implementation of two factor authentication to ensure your data is even more secure.

Two factor authentication means that to access the system you need two authentication credentials instead of just one password. This is often referred to as “Something you know” and “Something you have”.
Something you know would be your regular password.
Something you have would be a token generator either a physical  token  or more often these days an app on a smartphone.

The token generator on your smartphone generates a random number every few seconds in sync with the Xero security servers.
When you log in the combination of your password and your generated random number are checked against the Xero security servers, the password must be correct and the generated number must be match otherwise access will not be granted.

Because you now need to enter two unique pieces of information , your password and your token code (generated every few seconds) that is only known by you and the Xero security servers it is almost impossible for any unauthorised person to access your data as the password alone would not be enough.