Articles on: Introduction

User Identity Verification via Email

Additional security layer

User Identity Verification via Email


Introduction


Protecting your data is our top priority.

ChurchDesk already offers two-factor authentication (2FA).

An additional layer of security is our verification of the user's identity via email for secure login.

Users without 2FA enabled will now need to provide additional confirmation of their access by entering a one-time code received via email.


This security layer applies to both the web application and the mobile app, protecting your ChurchDesk account from unauthorised access.


Contents




Permissions and Roles

When is user authentication via email required?


For all users without Two-factor-authentication (2FA) enabled.

Authentication via email applies to all users who have not yet set up two-factor authentication.

The frequency varies depending on the sensitive data to which the user has access.


  1. Users with permission for sensitive data (like admin rights, sensitive information or access people):

They will be prompted for authentication every time they log in their account. Tip: They can enabled 2FA instead.


  1. Users without permission for sensitive data:

Authentication will be triggered in the following situations — both on web and mobile:


  • When using a VPN connection
  • When logging in from a different country than the one where their ChurchDesk account is registered. EXAMPLE: A user with a British ChurchDesk account travels to France and logs in there. Upon attempting to log in, they will be prompted to verify themselfs via an email code.
  • After logging out manually, the next time the user logs in they will be asked to verify again.



How authentication via email works


  1. Log in as usual with your email address and password.
  2. If authentication via email is required, you will be prompted to verify yourself.
  • You will automatically receive an email with a unique one-time code at your registered email address.
  1. Enter the code in the designated field in your browser or mobile app.


The one-time code is only valid for 15 minutes. If the code has expired, you can request a new code via the login process. Attention: Look out for the TIME STEMP in the email to make sure you use the new, valid code.


After successful entry, you will be redirected to ChurchDesk and can work as usual.



Notes and Recommendations


Keep your email address up to date: Ensure that the email address stored in ChurchDesk is correct and that you have access to it. Without access to your inbox, you cannot receive the one-time code.


  • Check your spam folder: If the email with the code does not arrive, please check your spam or junk folder.
  • 2FA as an alternative: With two-factor authentication enabled, the additional authentication via email is not required. This is the most convenient and secure option for regular use.


IMPORTANT! Never share your one-time code with third parties. ChurchDesk employees will never ask you for your login code.

Updated on: 13/05/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!