| Announced on | Rollout starts | Rollout ends |
| March 18, 2026 | March 25, 2026 | March 26, 2026 |
Starting March 25, 2026, Zendesk is updating the sign-in flow to check for expired passwords before prompting for two-factor authentication (2FA), enhancing security and simplifying the user experience.
This announcement includes the following topics:
What's changing?
Zendesk is updating the sign-in flow so password expiration is checked before prompting for 2FA. Previously, users saw the 2FA prompt before Zendesk verified whether their password had expired, which could allow sign-in to proceed even with an expired password. With this change, when a user signs in and their password has expired, they’ll be required to change their password first, and only after successfully updating it will the 2FA prompt appear.
Why is Zendesk making this change?
This reordering ensures that password enforcement can’t be bypassed by completing 2FA. It also makes the user experience clearer: when a password expires, users will be prompted to update it before proceeding. This makes the flow more consistent and removes ambiguity about what a user needs to do to complete their sign-in.
What do I need to do?
You don’t need to do anything. This update is automatically rolled out to your account and applies to team members and end users who sign in with email and password and have 2FA turned on. As part of this update, team members with expired passwords will receive the usual password-expiration emails, notifying them that their password will expire starting March 25.
If you have feedback or questions about this announcement, visit our community forum, where we collect and manage customer product feedback. For general assistance with your Zendesk products, contact Zendesk Customer Support.