Articles on: Introduction
This article is also available in:

User Identity Verification via Email

When you log in to ChurchDesk without two-factor authentication (2FA) enabled, you may be asked to verify your identity by entering a one-time code sent to your email address. This adds an extra layer of security to protect your account from unauthorised access.


Email verification applies to both the web application and the mobile app.


TIP: Want to skip email codes entirely? Enable "Two-Factor Authentication" in your account settings. With 2FA enabled, email verification is not required — and it's the most secure option for regular use.



When is email verification required?


Email verification only applies to users who have not enabled two-factor authentication (2FA).

The reasons why you are prompted depend on the level of access your account has. If one of the reasons applies, you will be asked to verify your identity every 30 days on each browser you use.


Users with access to sensitive data


You get asked to verify when your account has admin rights, access to People data, or permission to view sensitive information such as internal notes on events.


Users without access to sensitive data


If your account does not have access to sensitive data, you will only be prompted if:


  • You log in from a different country than the one where your ChurchDesk account is registered. For example: a user with a British ChurchDesk account travels to France and logs in there. They will be prompted to enter an email code.
  • You log in while connected to a VPN. A VPN can make it appear as though you are logging in from a different location, which triggers verification. If you are unsure whether you are using a VPN, check with your IT administrator.


You may be prompted sooner


  • If you clear your browser cookies or use a different browser. The cookie that remembers your verification is removed when you log out manually, clear cookies, or switch browsers — so you will need to verify again on your next login.



How email verification works


  1. Log in as usual with your email address and password.
  2. If verification is required, you will see a prompt asking you to enter a one-time code.
  3. A code is automatically sent to the email address registered with your ChurchDesk account. The email is sent from no-reply@churchdesk.com with the subject line: New Login Verification Code.
  4. Enter the code in the field shown in your browser or mobile app.
  5. Once verified, you will be redirected to ChurchDesk and can work as usual.


Important: The one-time code is valid for 15 minutes. If it expires, you can request a new code directly from the verification screen. When you do, make sure to use the code from the newest email — check the timestamp in each email to confirm you are entering the right one.



Troubleshooting


I didn't receive the email with the code

Check your spam or junk folder. If the email still does not appear, make sure that your inbox is not full.

If your email programme checks for new messages at fixed intervals, you should manually update your Inbox to check for new messages.


It is possible that your email address has been blocked, in which case you will not receive any emails from us. Common reasons for this include, for example, your inbox being too full in the past or you having marked an email from the ChurchDesk system as spam.

To resolve this: Please send a message from the same email address as your ChurchDesk user account to support@churchdesk.com, requesting that you want to resume receiving all emails from your church and asking us to resolve any potential block.



The verification code is showing as ‘invalid’

After logging in, do not close your browser window; instead, leave it open whilst you switch to your email inbox.

Check that the email is no more than 15 minutes old.

Copy the new verification code from your inbox and then return to the code input field.


If you re-enter your email and password, the old codes will become invalid and a new code will be sent to you.



I am asked to verify my identity every time I log in

This is to be expected if you log out manually, delete cookies manually or automatically, or switch browsers.

If your browser is set to automatically delete cookies, please add the ChurchDesk web address (app.churchdesk.com) to your browser's exceptions list (whitelisting). This ensures that this cookie stays in use for the usual 30 days. The exact steps for this vary depending on the browser you use and can be found in your browser's official help documentation.


To avoid email codes altogether, enable two-factor authentication (MFA) in your account settings – it’s quicker and more secure.

If you do not need access to Sensitive Information, the People module or Admin rights, you can contact your organisation’s administrators; they can change your role to one that does not require a confirmation email.



I still cannot log in after following the steps above

Contact your ChurchDesk administrator or get in touch with ChurchDesk Support.




Security reminder


Never share your one-time code with anyone. ChurchDesk employees will never ask you for your login code. If someone requests it, do not provide it and report the incident to your administrator.


Updated on: 01/06/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!