Enabling two-step is a fundamental security step

Stolen or weak passwords are the most common way unauthorized users access church accounts. Two-step verification (2SV) means that even if someone gets a password, they still can't log in without the second verification step.

Your church holds incredibly sensitive information: home addresses, phone numbers, children's check-in records, and prayer requests. People trust you with this data, and 2SV is a critical line of defense.

Churches have been asking for this foundational security measure, and it's now available in your account settings.

Choose your rollout: Require immediately, or schedule ahead of time

You have two ways to enforce 2SV, depending on what works best for your church:

Option 1: Enforce immediately

Turn on 2SV enforcement right away for maximum protection. This will automatically log out all org admins and billing managers who do not have 2SV set up from every browser, device, and mobile app. They'll be prompted to set up 2SV when they log back in. Through the customizable email tool, you will be able to communicate this requirement to your team immediately.

A pop-up window titled "Enable two-step verification" with options to require it immediately or on a future date, set for 10/28/2025.

Option 2: Set a future date deadline

Choose a future enforcement date and use the built-in email tool to notify everyone who will be affected. This lets you explain why your church is making this change, provide setup instructions, and give people time to prepare—all in language that makes sense for your context.

More permission levels coming soon

We started with org admins and billing managers because they have access to the most sensitive areas of your account—including financial data, user management, and organization-wide settings.

But we know many churches want to require 2SV for other admin roles too. We're actively working to expand this feature to include Giving admins, People managers, and other permission levels.

In the meantime, we encourage you to promote voluntary 2SV adoption across your entire staff and volunteer team. Even if you can't require it for everyone yet, encouraging adoption is one of the most important steps you can take to protect your congregation's data.

Questions? Our Trust & Safety team is here to help. Reach out anytime—we're dedicated to protecting your church from fraud and keeping your data secure.

🩷 The Trust & Safety Team