The Australian Taxation Office (ATO) has issued new Digital Service Provider (DSP) operational security framework (OSF) requirements. The long story short is that online software like Xero will be required to change their security protocols so that authentification codes need to be entered every 24 hours, unlike the current 30-day option.
This means your multi-factor authentication (MFA) or 2-step authentication (2SA) devices like Google Authenticator will be required to be entered daily to access the software.
Read more on the ATO DSP OSF protocols here
This will affect most software platforms and will just become part of the "new normal"