I have asked this via your support channel (more than once), but never got a response, so going public, and hoping some other Xero users will back me on this.
We've been using Xero for well over a year now, and I've always been concerned about the fact that our staff can access Xero from anywhere.
What I have asked for is the ability to lock down access per user by IP address, so that our admin staff can only access Xero from our office. Obviously business owners would need to control this on a per user basis, so they (or anyone they want to trust) could continue to access Xero from home or mobile. i.e. Access control via IP address should optional (per user).
Being an asp.net web developer I know this is easy to do (because we've acutally done exactly this for one of our clients' web admin systems), but to be fair I don't have any insight to how your authentication systems work, and possible other issues.
This would be a huge selling point of Xero for those who fear putting their accounting system in the cloud makes it far too easy for their confidential financial information to be 'leaked' out by staff members.
Does anyone else agree this would be a great feature? I would love to see it implemented soon.