Two-factor authentication now enabled for users with enhanced roles

To help keep church data more secure, we have now enabled two-factor authentication by default for users with roles that have access to more sensitive information. These users will now be asked to enter a one-time security code (sent to their email) when logging in.

This change currently applies to the following roles: Administrators, Statisticians, Report Managers, and Treasurers.

Two-factor authentication has been available in Church Social for a couple of years already, but many churches had not yet enabled it. As part of our ongoing efforts to improve security across the platform, we are now enabling it by default for these higher-access roles.

We also plan to extend this requirement to Deacons, Elders, and Pastors on March 31, 2026. Administrators can enable this setting earlier at any time on the Security Settings page.