For added security, Zendesk tracks the devices used to access your account using a cookie named _zendesk_cookie. The first time any team member signs in using the standard Zendesk sign-in (email and password) and passcode, the application stores the _zendesk_cookie on the device.

Zendesk checks the _zendesk_cookie when team members sign in. If the _zendesk_cookie doesn't exist or is invalid, Zendesk deems that device as new and will prompt the agent for a passcode. If the cookie is valid, team members who have signed in on the device before are not prompted for a passcode. However, team members who haven’t signed in on the device are prompted for a passcode.

Additionally, using incognito mode or clearing the browser cache and cookies can cause Zendesk not to recognize the _zendesk_cookie.

When using two-step verification, passcodes are sent to the team member’s primary email address listed in their Zendesk profile. Passcodes expire after five minutes and can only be used once. If team members enter an invalid or expired passcode, Zendesk emails them a new one.

This procedure illustrates the typical workflow when team members sign in to Zendesk from a new or unrecognized device.

1. The team member signs in to their Zendesk account using their email and password and clicks Sign in.

   If Zendesk doesn’t recognize the device, the Two-step verification dialog will appear, instructing the team member to retrieve a passcode from their email.

   

2. The team member checks their inbox for an email from Zendesk.

   The email includes the subject Zendesk verification passcode and a passcode that’s valid for five minutes.

   

3. The team member pastes the passcode into the Passcode field in the Two-step verification dialog and clicks Verify.

   If the team member enters an invalid or expired passcode, Zendesk automatically sends them another passcode instead of signing them in.