New! Multi-Factor Authentication & 3 Ways to Keep Your Account Safe

We are excited to announce the release of Multi-factor Authentication (MFA) tonight.  As part of that release, you will see the login page has been updated to align with our new User Interface while still retaining your logo at the top.

After enabling Multi-Factor Authentication, users will be asked to verify their identity by entering a one-time code that is texted to the cell number associated with their User Account information. 

There are also options to resend the code, use another method (their email address), and remember me for 30 days on this device.   

While MFA is entirely optional, it has been heavily requested by some of our most security-conscious churches.  The feature is off by default and can only be enabled at the Admin level. Enabling MFA for your organization affects all account users.

Why is this additional login step important?  Because it helps address the most important data security issues churches face.  Here are three of these—and clear, actionable ways to address each one.

1. Weak Passwords and Shared Accounts

The issue:
Many churches still rely on simple passwords, which are easily guessed or shared among multiple users, creating a significant security gap.

Action steps:

• Assign individual logins to staff and the most responsible volunteers — never share credentials.  

• Require strong, unique passwords for every account.  Churchteams already requires this type of password, but we recommend you do the same for your email.  

• Turn on Multi-Factor Authentication (MFA).

Tip: Use a reputable password manager on your device to keep credentials secure and organized.

2. Phishing and Email Scams

The issue:
Fake emails posing as pastors or staff are common. These “phishing” messages may even request urgent payments or sensitive information.

Action steps:

• Train your team to spot suspicious emails—watch for misspellings, strange addresses, or requests for money.  What is a Phishing Scam? And four ways to avoid getting trapped.

• Be sure to verify requests for help by calling or texting the person directly.

• Use official church email domains (not free Gmail or Yahoo accounts) for all ministry communication.  How to set up your church domain, email, and website.

3. Unprotected Personal Devices

The issue:
Staff and volunteers frequently access church email or management apps from personal phones and laptops that lack proper safeguards.

Action steps:

• Require screen locks, strong passcodes, and automatic timeouts.

• Install antivirus software on any device with church access.

• Enable remote wipe to erase data if a device is lost or stolen.

• Encourage keeping church and personal data separate.

Data security is an extension of ministry stewardship. Protecting people’s information isn’t just good practice—it’s a reflection of integrity and care for your church family.

By focusing on these three areas—strong passwords, scam awareness, and protected devices—your church can safeguard sensitive information, strengthen trust, and continue serving with confidence.

We are committed to partnering with you to make sure you have the tools you need to provide the service and security your church deserves.