| Announced on | Rollout starts | Rollout ends |
| September 25, 2024 | October 21, 2024 | April 2025 |
We’re excited to announce new protections that Zendesk is bringing to your account to prevent unauthorized access. Your private data is a crucial resource and a valuable target for malicious actors. With this update, we will greatly increase the security of that data by preventing new and unknown devices from connecting to your account through agent logins without approval.
Starting on October 21, 2024, we will be introducing two-step verification (2SV). As part of our ongoing commitment to provide a secure and reliable environment for our customers, we are implementing this feature to enhance account security. This will be rolled out over an extended period from late October through April 2025 to ensure a smooth transition for all our valued customers.
This announcement includes the following topics:
What is changing?
Customers who have Zendesk authentication turned on will be automatically enrolled in 2SV. When customers sign in from a new device, 2SV will prompt them to enter a 6-digit code they must retrieve from the primary email address on file before they can sign into their account.
We will prompt customers to enter this code when they sign into their Zendesk account from a device we have not seen them use before. If the agent does not receive the email with the passcode, they can request that their administrator retrieve a recovery code on their behalf. If you currently do not have Zendesk authentication turned on but decide to turn it on in the future, 2SV will automatically be turned on on your account.
Why is Zendesk making this change?
Zendesk is making this change to better align with security best practices and industry standards. In today’s security climate, relying on a password as your only authentication method is not enough, and having a second method of authentication helps ensure that the credentials being used are connected to a valid user.
What do I need to do?
To prepare for this change, administrators should inform agents to verify that they are able to access the primary email address on file. If they cannot access that email inbox, they must update it to one that they can access prior to 2SV being enabled on their account.
If you have feedback or questions about this announcement, visit our community forum, where we collect and manage customer product feedback. For general assistance with your Zendesk products, contact Zendesk Customer Support.