This article is also available in:

Two-factor authentication

Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is a security measure for user login.

The first factor is the username and password combination.

The second factor is a device-specific code generator that generates a one-time code.

How to enable this feature?

In ChurchDesk, users can enable 2FA for themselves under “My settings” > “Security”.
Alternatively, an organization administrator can enforce it for “all users” or for users with permissions in specific modules (Contacts, Donations, Prevention, ...).

! Note that when you enable 2FA for multiple users, all of them must set it up immediately upon their next login. Make sure to communicate this within your organization. Users may need the help of an organization administrator to set up the code generator.

! Afterward, users will be requested to copy the one-time code from their generator app every time they log in.

What users need to do to log in with 2FA:

There are many good code generators on the market, for example: Google Authenticator, 1Password, Authy.

Users must use one of these to generate a code.

When 2FA is enabled, the user logs in as usual with a username and password, and immediately after that, they will see the next steps for the initial setup.

If your church uses single sign-on, the 2FA steps will also follow directly after logging in.

From now on, the user must always copy the generated one-time code from the mobile code generator app as a second step to log in.

This applies to both the mobile app and the browser.

Setting up a new device:

If a user has set up the 2FA generator on an old device and needs to transfer it to a new one, they can usually follow the migration process provided by the phone, which securely transfers the app with the codes. If this is not offered, follow the same steps as if the device were lost.

Lost device. What to do:

If a user has lost their device, they must contact their organization's administrators.

The organization administrator must ensure that it is indeed the user, i.e., not via email if the email password has been compromised.

These organization administrators can reset 2FA for that user's access under “ChurchDesk Settings” > “Users” > Search for username > “Actions” > “Manage 2FA settings” > "Reset".

The user will then be given a new opportunity to enable the 2FA connection with a new general code upon their next login. If an organization administrator has lost their device, they must ask one of the other organization administrators in their organization to reset their 2FA.

Updated on: 12/09/2025

Was this article helpful?

Thank you!