Articles on: Introduction
This article is also available in:

User Identity Verification via Email

Additional security layer: User Identity Verification via Email


When you log in to ChurchDesk without two-factor authentication (2FA) enabled, you may be asked to verify your identity by entering a one-time code sent to your email address. This adds an extra layer of security to protect your account from unauthorised access.


Email verification applies to both the web application and the mobile app.


TIP: Want to skip email codes entirely? Enable "Two-Factor Authentication" in your account settings. With 2FA enabled, email verification is not required — and it's the most secure option for regular use.



When is email verification required?


Email verification only applies to users who have not enabled two-factor authentication (2FA). How often you are prompted depends on the level of access your account has.


Users with access to sensitive data


If your account has admin rights, access to People data, or permission to view sensitive information, you will be asked to verify your identity every 30 days on each browser you use.


You may be prompted sooner if:


  • you clear your browser cookies or use a different browser. The cookie that remembers your verification is removed when you log out manually, clear cookies, or switch browsers — so you will need to verify again on your next login.


Users without access to sensitive data


If your account does not have access to sensitive data, you will only be prompted if:


  • you log in from a different country than the one where your ChurchDesk account is registered. For example: a user with a British ChurchDesk account travels to France and logs in there. They will be prompted to enter an email code.
  • you log in while connected to a VPN. A VPN can make it appear as though you are logging in from a different location, which triggers verification. If you are unsure whether you are using a VPN, check with your IT administrator.



How email verification works


  1. Log in as usual with your email address and password.
  2. If verification is required, you will see a prompt asking you to enter a one-time code.
  3. A code is automatically sent to the email address registered with your ChurchDesk account. The email is sent from no-reply@churchdesk.com with the subject line: "Your MFA Verification Code".
  4. Enter the code in the field shown in your browser or mobile app.
  5. Once verified, you will be redirected to ChurchDesk and can work as usual.


Important: The one-time code is valid for 15 minutes. If it expires, you can request a new code directly from the verification screen. When you do, make sure to use the code from the newest email — check the timestamp in each email to confirm you are entering the right one.



Troubleshooting


I didn't receive the email with the code.

Check your spam or junk folder. If the email still does not appear, make sure that your inbox is not full. You can request a new code from the verification screen.


I still can't log in after trying the steps above.

Contact your ChurchDesk administrator or reach out to ChurchDesk Support for help.


I keep getting asked to verify every time I log in.

This is expected if your account has access to sensitive data (admin rights, People data, or sensitive information) and you manually log out, clear cookies or switch browsers. It will also happen if you are using a VPN or working from abroad. To avoid email codes altogether, enable two-factor authentication (2FA) in your account settings — it's faster and more secure.



Security reminder


Never share your one-time code with anyone. ChurchDesk employees will never ask you for your login code. If someone requests it, do not provide it and report the incident to your administrator.

Updated on: 15/05/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!