Zeffy Help Center
Account Security

Activating two-factor authentication (2FA) on your account

With two-factor authentication (2FA), you can add an extra layer of security to your account in case your password is stolen.

What you need to know about 2FA

  • 2FA is mandatory on Zeffy. To keep your account secure, you must set up two-factor authentication to access the platform.

  • 2FA is user-specific. If multiple people have access to your Zeffy account, each user must set up 2FA for their own email address. Enabling 2FA for yourself won't affect other users.

  • 2FA uses your phone number or an authenticator app. When prompted, you'll receive a 6-digit code via text message or through your authenticator app.

Setting up 2FA with your phone number

When you log in to Zeffy for the first time (or if you haven't set up 2FA yet), you'll be prompted to add your phone number:

  1. Enter your phone number when prompted. See the list of supported countries for SMS 2FA.

  2. Click Send code to receive a 6-digit code via text message.

  3. Enter the code you received and click Submit.

  4. Once verified, you'll see a green "Active" banner confirming 2FA is enabled.

Your phone number is only used for account security β€” we won't send you marketing messages or use it for any other purpose.

Setting up 2FA with an authenticator app

By using an authenticator app, codes are generated through a free app on your phone. Some recommended options are:

  • Google Authenticator

  • Microsoft Authenticator

  • Authy

  • 1Password

To set this up:

  1. Open your authenticator app (or download one if you don't have it yet).

  2. Tap "Add account" or the "+" button.

  3. Choose "Scan QR code" and point your phone at the QR code on your Zeffy screen.

  4. Enter the 6-digit code from the app and click Verify.

  5. Save the recovery codes somewhere safe (like a password manager or secure document). These are your backup in case you ever lose access to the app.

Codes refresh every 30 seconds, so enter them quickly after they appear in your app.

Logging in with 2FA

Once 2FA is set up, here's what to expect each time you log in:

  1. Enter your email and password as usual.

  2. If we detect something different about your login (new device, new browser, or sensitive action), you'll receive a 6-digit code via text message or your authenticator app.

  3. Enter the code on the login page. Codes expire after 15 minutes.

  4. You'll be directed to your Zeffy dashboard.

Managing your 2FA settings

To view or update your 2FA settings:

  1. Log in to your Zeffy dashboard.

  2. Click on your name in the bottom left corner, then select Settings.

  3. Click on Two-factor authentication in the account options.

On this page, you'll see:

  • Which authentication method you have active

  • The last 4 digits of your registered phone number (if you set up SMS verification)

  • Your 2FA status (Active)

2FA for teams

Does 2FA apply to the whole account or just my login?

2FA is user-specific, not account-wide. Each person who logs into a Zeffy account sets up their own 2FA, tied to their own email address and phone number. There is no single shared 2FA code for your organization.

We share a single login β€” is that okay?

Sharing a single email and password between multiple people is strongly discouraged. Each login should have 2FA tied to one person's phone β€” if multiple people share an account, only one of them can receive codes. If that person is unavailable, everyone else is locked out. The right solution is to give each person their own user account. See User Roles, Permissions, and Account Ownership Transfers for instructions.

What happens when a team member leaves?

Remove their user account from Zeffy to protect access. Because each user's 2FA is tied to their personal phone number, you won't need to reset anything organization-wide β€” just remove their individual account. If a former team member's phone number is still receiving 2FA codes for a shared login, contact support to help update it.

Was this helpful?