Login Security and Authentication - FAQs

Why are you asking us to link to Xero?

WorkflowMax is a Xero product. We are gradually going to move users over to using a Xero login as this provides the added benefit of two-step authentication (2SA) and enables us to use a number of additional technologies to detect fraudulent activity and protect you and your clients’ data against possible security compromises.

How will this affect me?

We will be asking all users to convert their WorkflowMax login to a Xero login. If you do not have a Xero account, you’ll need to create a Xero login to use from now on. Using a Xero login doesn’t mean you’ll need to have a Xero subscription. Your login will simply be held inside the Xero application rather than in the WorkflowMax application.

You’ll be able to choose if you wish to use two-step authentication as an added security step, which we highly recommend.

Why can’t I opt in - why do we need to change logins?

Due to the sensitive nature of the data stored with us, as responsible service providers we need to take all security measures possible to protect our users and their clients' data and information. As a Xero-owned application we already have the tools to do this within Xero, but it means that all users must have a Xero login (even if they are not paying Xero subscribers for accounting services). Using a Xero login will ultimately give all our users peace of mind that their data and that of their clients, is in safe hands.

Is this level of security really necessary? Shouldn’t I be able to choose?

Our lives are increasingly digital but many people still use and share weak passwords that are easily guessed, or fail to keep software and anti-malware up to date. For this reason, two-step authentication is being used more and more in everyday situations where security and privacy are important, including access to online banking and email.

What may appear to be temporarily inconvenient has been proven to significantly reduce the risk and inconvenience of a compromised account.

Can I de-link my Xero login?

No, once you’ve changed your WorkflowMax login to use your Xero login, it will not be possible to go back to your old WorkflowMax login.

Can I still use my WorkflowMax username and password to login once I link to Xero login?

Unfortunately no. All usernames and passwords in your WorkflowMax account will be disabled and you will no longer be able to log in with them.

This change affects some long-time WorkflowMax users only, as newer subscribers use an email address to log in to WorkflowMax, not a username.

How do I change my login credentials in future?

You will need to use your Xero login to manage any changes to your email address and resetting or changing your password.

Can I use my Xero login with my WorkflowMax mobile app?

Yes you’ll be able to use your Xero login on your mobile device (iOS and Android). Once you’ve converted to use a Xero login for the web application, you’ll also need to upgrade to the latest iOS or Android version to use your Xero login on your mobile.

What if I am not a Xero user?

You do not need to have a Xero account to use the Xero sign on; we’ll create a user account for you as part of the process. After you’ve authenticated your new Xero login, you’ll be able to sign in to your WorkflowMax account with your Xero login and benefit from Xero’s two-step authentication. You get all the benefits of Xero's world class login service for free, including enhanced fraud detection and data security.

Are you going to sell me a Xero account?

There is no requirement to have a Xero subscription in addition to your existing WorkflowMax account.

Can I use my old customised login and page branding?

Unfortunately no. This will no longer work with the Xero login and is not part of the current WorkflowMax user interface.

What happens if we share a login?

We recommend that you don't share login credentials with another user under any circumstances as it contravenes Xero's terms and conditions. When you have two-step authentication enabled you will no longer be able to share credentials – you’ll have to create a new user for each person you want to login to your WorkflowMax account.

Where do I get the authenticator app? I can't find it in the app store

There’s no specific Xero-branded authenticator app. Instead, you can choose from a number of industry-standard authenticator apps. Options include Google Authenticator, FreeOTP and Authy. Just search for ‘authenticator’ from your device in the app store and you’ll see the options available, or look at our other support articles.

Does the authenticator app mean I’m connecting my Xero data to a third party?

No, the authenticator app doesn’t connect to your Xero account. It simply provides a one-time time-based numeric passcode that's used as an extra security step during the login process. This means that knowing or guessing your password is not enough to access your account - the passcode is required as well.

I don't have a smartphone or tablet; what do I do?

For greater security, it’s preferable to have the authenticator app on a different device from the one you use to log in to Xero. But if that’s not possible, you can install an app such as Authy on your laptop or desktop computer. Suggested authenticator apps for phones and desktop computers are listed in one of our other support articles.

Do I need signal on my phone to get the passcode?

No. Once the authenticator app is installed and set up on your mobile device, it doesn’t need a mobile or wireless connection to work. Because it’s continually generating new codes that are only valid for 30 seconds, it doesn’t need to connect to anything.

What you do need to make sure of though, is that the time on your authenticator device is in sync with Xero. Xero uses an automatic clock service to set the time, as do most mobile phone service providers, so we recommend you allow your network provider to set the time automatically. Manually setting the time can lead to out-of-sync issues and an Invalid code error.