
Two-factor authentication via app

Two-Factor Authentication (2FA) is a critical security measure that requires you to provide two separate forms of identification—your standard password plus a unique, time-sensitive code generated by an authenticator app on your phone—before logging into an account. By adding this second layer, 2FA ensures that even if a hacker steals your password, they cannot breach your account without physical access to your device.


How to enable 2FA


  • In ChurchDesk, users can enable 2FA for themselves under “My settings” > “Security”.
  • Alternatively, an organization administrator can enforce it for “all users” or for users with permissions in specific modules (Contacts, Payment & Giving, Forms, ...).


! Note that when you enable 2FA for multiple users, all of them must set it up immediately upon their next login. Make sure to communicate this within your organization. Afterward, users will be requested to copy the one-time code from their generator app every time they log in.




What users need to do to log in with 2FA


When 2FA is enabled, a QR code is automatically displayed to the user during the setup process. This happens immediately after logging in with the username and password. The user must then scan this QR code with a third-party code generator app to set up the account in the app.

From now on, the user must always copy the generated one-time code from the mobile code generator app as a second step to log in. This applies to both the mobile app and the browser.


Examples of third-party apps

When it comes to securing your user accounts, there are plenty of excellent, free two-factor authentication (2FA) apps on the market.

Top standalone options include Google Authenticator, Microsoft Authenticator, and Authy, while Apple Passwords offers a great built-in solution for iOS and Mac users.

Additionally, if you already use a paid password manager, check its feature list: most premium services include a built-in code generator automatically.



Setting up a new device


If a user has set up the 2FA generator on an old device and needs to transfer it to a new one, they can usually follow the migration process provided by the phone, which securely transfers the app with the codes. If this is not offered, follow the same steps as if the device were lost.


What to do when a device was lost


If a user has lost their device, they must contact their organization's administrators.

The organization administrator must verify that the request really comes from the user, i.e., not via email if the email password has been compromised.


These organization administrators can reset 2FA for that user's access under “ChurchDesk Settings” > “Users” > Search for username > “Actions” > “Manage 2FA settings” > “Reset”.


The user will then be given a new opportunity to enable the 2FA connection with a new general code upon their next login. If an organization administrator has lost their device, they must ask one of the other organization administrators in their organization to reset their 2FA.



Updated on: 04/06/2026
