Two-step Authentication

To help ensure your account is secure, you can now set up two-step authentication for your Spotlight login. When you do this, each time you log in for the first time on a new computer or in a new session, you'll receive an authorisation code to your chosen phone number or email address, which you'll then need to enter to log in. 

Note: If you currently use one of the single sign-on options, 'Sign in with Intuit' or 'Sign in with Xero', you will not be able to set up two-step authentication within Spotlight, as the login process is handled by your accounting system. However, you should be able to set this up within the accounting system itself if required.

To set up two-step authentication

  1. From the main Spotlight screen, open the My Account drop-down list, then choose Two-Step Authentication.

    two step auth2

  2. Select the required authentication option.

    • None - Do not require two-step authentication.
    • SMS - Receive authentication codes to a mobile phone number. If you select this option, you will then need to enter the mobile phone number you want to use, including the country code.
    • Email - Receive authentication codes to your email address. If you select this option, the authentication codes will be sent to the same email address you use to log in to Spotlight.

  3. To apply the change, click Update Settings.
  4. An authentication code is then sent to your chosen phone number or email address. To complete the process, enter the authentication code and then click Authenticate.
  5. To return to the main Spotlight screen, click Back to application.

Frequently asked questions


  • Can all users set up two-step authentication?

    Yes. This feature isn't limited by the user roles in Spotlight, so all users will be able to set this up.

  • Do I need to use two-step authentication?

    If you prefer, you don't need to turn on this feature, however it does offer an extra layer of security for your Spotlight login.

  • I'm a Practice Admin. Can I enforce two-step authentication for all users in our account?

    Not yet, however we will be adding this option in the future.

  • Can I use a method other than SMS or email?

    At the moment, only SMS and email options are available. However, we will be looking to add other options such as Google Authenticator and Timed One Time Passwords in the future.

Release Notes - Terms of Use - Privacy Policy - Launch Application - Copyright Spotlight Reporting 2021