Using 2-factor authentication

Return to top
Have more questions? Submit a request


  • Jeannie Finks

    Hi @Ankit

    Few questions:

    Under your section: "Using your recovery codes" when an agent has lost their recovery codes, and you mention for the user to "get another set by disabling and enabling 2-factor authentication." From what I can see, the user can only do that by logging in. But if they are locked out/can't log in, how can they do that then? What would be the recommended approach to take?

    Note in the Admin/Security area, "disabling and enabling 2-factor authentication" for the actual Zendesk subscription, I would note in a few places that if an admin does this (go from enable to disable), you're actually resetting it and will blow away any enabled user's config so then they all have to re-enable from scratch (eg you're not keeping state).

    Feature requests? Many of my agents have offered:
    a) "Having to re-enter the TFA code every 14 days is annoying, make it at least 30 days (on the same device) or configurable on the subscription like Zendesk password options."

    Because TFA is quickly becoming commonplace, many chimed in on this:
    "If they named their app better, then I would be able to find it in my sea of TFA codes (I have over a dozen now). The Zendesk TFA code is the bottom one, but at no point does it mention the word Zendesk. This is really confusing."

    Thanks Ankit!

  • Ankit Garg

    Hi @Jeannie
    1) There are a few options here. If you used the "stay signed in" option on a trusted computer, you should be able to log in without being prompted for 2FA code. You can also reach out to Zendesk support for help, in the event you are totally locked out.

    2) That is right. We will update our documentation to reflect this. Would you expect this to work differently? If yes can you explain the use case some more and expected behavior for the use case?

    3) a) Thanks for the suggestion. We are thinking of separating the "stay signed in" into 2 pieces. One piece will apply to not being prompted for password for 14 days. Second piece will be not being prompted for 2FA code for 30 days.

    3) b) I assume you mean when you use an app based 2FA and you scan the barcode. We currently use the account name but I agree we could add Zendesk in there.

  • Jeannie Finks

    1) Thanks for clarification.

    2) I think anytime there's an enable/disable where resets are happening that would cause an impactful consequence, communicating/confirming the potential result makes it very clear. A use case for an admin is where their user is totally locked out, if one were to "disable the TFA", their user could log back in, and then the admin re-enables TFA. More of an on/off state vs. reset. The effected user now logged in would then disable their own TFA, and reset themselves since the admin cannot do it on a user-by-user basis.

    a) Sounds good!
    b) Yes on app-based 2FA/barcode scan method. My assumption is that the ZD account name might be named after the customer company and the company can have its own profiles; hence the suggestion on Zendesk-<account name> .

    Thanks for listening Ankit!

  • Corey Edwards

    Zendesk, while I greatly appreciate that you are among the ever-growing number of services providing 2FA as part of your product, I beseech you to consider adding the following improvements to your implementation to bring your offerings on par with the rest of those offering 2FA:

    1) Offer the ability to download and generate new recovery codes without disabling and re-enabling 2FA, and through a medium besides the 2FA confirmation email.

    2) When disabling 2FA for your own account, it would be wise to require the entry of a OTP code or a recovery code, to prevent fraudulent/accidental account changes.

  • Maxim Oliynyk

    By the way, you can use hardware token (card form-factor) with Zendesk:

  • Nicole S.
    Zendesk Community Team

    Hey Maxim - 

    Welcome to the Zendesk Community, and thanks for sharing. 

  • Gurunn


    I have set up 2FA on our sandbox is testing with sms code. After 30 days, do you need to reenter your phone number or does Zendesk remember it?

  • Mathew Keegan

    Do you support third party 2FA devices like Yubico, Gemalto, or RSA SecurID?

  • Tim Kilkenny

    Hi Gurunn,

    Zendesk will remember your phone number in the 2FA settings, even after 30 days.

  • Tim Kilkenny

    Hi Matthew,

    At this time, we do not currently support third party 2FA devices like the ones that you mentioned.

  • Jonathan March
    Community Moderator

    FWIW -- Lastpass Authenticator is compatible with Google Authenticator, and unlike the latter migrates painlessly to a new phone (via your encrypted Lastpass cloud storage). I switched authenticators about a year ago and have no regrets.

  • John Jairo Escobar

    ¿Cómo puedo mantener el servicio de doble autenticación en Zendesk sin afectar la integración con Zendesk?

  • Steven Hababou


    I've changed my phone and I can't resync my Google Authentificator to my zendesk account, could you please help? 


  • Brett Bowser
    Zendesk Community Team

    Hey Steven,

    We would need to take a look at some account specific information to help grant you access to your account again. I'm going to create a ticket on your behalf so our Customer Advocacy team can look into this further for you.


  • Schakroborty762

    Recently someone hack my free fire account how i useing two factor authentication how to he hackmy account my gmail was

  • Schakroborty762

    Pls recover my account

  • pstrauss

    If an agent's phone number changes, how can I change it so they continue to receive the SMS 2FA codes?

  • Wilfred Kaw
    Zendesk Customer Advocate

    Hello @pstrauss,

    An Agent can make this change in their own profile by following this process:

    1) Select the Admin gear icon on the lefthand side of your Zendesk Support and choose People.
    2) Search your own name and select edit.
    3) Then select the 'Security settings' tab.
    4) Once there, choose 'Edit' under 'Two-Factor Authentication'
    5) Select Use SMS, and you'll be able to update the Two-Factor Authentication number.

    You can learn more about Managing 2-factor authentication here:

    Managing 2-factor authentication


Please sign in to leave a comment.

Powered by Zendesk