Set up two-factor authentication (2FA)

Who can do this?

  • All users and access levels: Can set up own 2FA settings

  • Full Access: Can make 2FA mandatory or optional for all group users

Two-factor authentication (2FA) adds an extra layer of security to your Halaxy account. When you sign in to Halaxy, 2FA requires you to enter an authentication code that you receive by SMS, email or Google Authenticator.

2FA combines something you know (your password) with something you have (your device). Even if someone else knows your password, 2FA ensures that only you can sign into your account.


Two-factor authentication is automatically mandatory for all users in a practice group where someone has connected their Halaxy to Xero, as a security requirement by the Australian Taxation Office.

Enable 2FA for your individual account

  1. Click Settings > Users.

  2. Next to your name, click the Icon-Settings.svg cogwheel icon.

  3. Select the method that you want to receive the authentication code:

    • None: Disables 2FA for your account. You can enable it again anytime.

    • SMS: The authentication code will be sent to the mobile number you enter.

    • Email: The authentication code will be sent to the email address you enter.

    • Google Authenticator: Scan the displayed QR code using your Google Authenticator app, then click Validate. Validate. This creates an entry for Halaxy in the app. Whenever you sign in to Halaxy, open Google Authenticator to find your authentication code.

  4. Click Validate.

  5. Enter the code you receive through the method you selected.

  6. Click Submit.

You have successfully set up two-factor authentication for your account.

If 2FA is mandatory for any of your practice groups, you cannot disable it. If your group mandates a particular authentication method, you can only select that method.


If you are a Full Access user, you can enable 2FA for individual users in your practice group, but only they can complete the validation.


Google Authenticator is the only supported 2FA app for Halaxy. Other apps are not guaranteed to be compatible with Halaxy.

Enable 2FA for your practice group

Full Access users can enable or require 2FA for a practice group, prompt other users to enable 2FA on their next login, or select one 2FA method for group users.

To configure 2FA settings for your group, follow the steps below.

  1. Click Settings > Users.

  2. Next to your practice group name, click the Icon-2FA.svg 2FA icon.

  3. In the pop-up, select your Group 2FA Setting:

    • Optional: Users can enable or disable 2FA anytime.

    • Prompt on login: Users are alerted to enable 2FA on their next login.

    • Mandatory: Users must set up 2FA at their next login.

  4. Select your Group 2FA Method. The option you select here will be used as the authentication method for all users in your practice group.

  5. Click Save.

Trust a device for 30 days

When entering a 2FA code, the checkbox "Trust this device for 30 days" is ticked and highlighted

After entering your authentication code, you can choose to Trust this device for 30 days. If you tick this checkbox, you will not be asked for a authentication code to log in for the next 30 days as long as you use the same device to log in.


Was this article helpful?