Two-Factor Authentication

 

Two-Factor Authentication (2FA) adds an extra layer of security when logging in to monday.com. After entering your email and password, you will be asked for an additional verification code. 2FA is available on all plans, and admins are the only ones who can enable it for the account. Once enabled, you can set up 2FA using either an authentication app or a text message (SMS).


Note: Two-Factor Authentication is available for guests, too!

 

Enabling 2FA for my account

To enable 2FA, click your profile picture in the top right corner of your screen, select Administration, then Security, and go to the Authentication tab.

 

Under Two-Factor Authentication, click Add two-factor authentication at the bottom.

 

Choose which authentication method you want to use for your own login, either an authentication app or a text message (SMS). Other people on your account will be able to choose their own method when they set up 2FA.


Note: Two-Factor Authentication via text message (SMS) is not available for free or trial accounts.

 

Once 2FA is enabled, it will be active for the account. You can then choose who you would like to require it for: members, guests, or both.

The next time members and guests log in, they will be prompted to complete the 2FA setup.

 

Activating 2FA via authentication app

If you choose to log in using an authentication app, you will need to scan a QR code during the initial setup, then enter the verification code generated by the app to complete setup.


The next time you log in, you will enter the current code from the authentication app. These codes refresh every 30 seconds, so it helps to enter the code as soon as it appears.

Tip: Some recommended authentication apps are Google Authenticator and Duo Mobile.
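How the 30-second codes are derived and checked, shown as an added example that is not monday.com's code. It assumes the standard TOTP scheme (RFC 6238) that authentication apps implement: the QR code carries a shared secret, and each code is an HMAC over the current 30-second time step. SECRET is the public RFC 6238 test key, and the one-step tolerance in verify() is an assumption about typical server behavior.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid, matching the refresh interval above
DIGITS = 6   # code length shown by common authentication apps

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
# A real secret is random and is delivered once, inside the setup QR code.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the code for the time step that contains Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(at // step)                      # same value for 30 seconds
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, at: float, window: int = 1) -> bool:
    """Accept the current code and `window` steps either side (clock drift)."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, at + drift * STEP)
        if hmac.compare_digest(expected, code):    # constant-time comparison
            return True
    return False


def seconds_remaining(at: float, step: int = STEP) -> int:
    """Seconds until the displayed code rolls over."""
    return step - int(at) % step


if __name__ == "__main__":
    t = 1111111109                                 # RFC 6238 test timestamp
    code = totp(SECRET, t)
    print("code:", code, "valid for", seconds_remaining(t), "more seconds")
    print("accepted 2s later, strict check:", verify(SECRET, code, t + 2, window=0))
    print("accepted 2s later, one-step drift:", verify(SECRET, code, t + 2))
```

With a strict check the code is rejected two seconds later because the time step has already rolled over, which is why entering a code as soon as it appears avoids failed logins.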
 
 

 

Activating 2FA via text message

If you choose to log in using a text message (SMS), you will enter a phone number during setup. A verification code will then be sent by text message.


The next time you log in, you will enter the new code sent to your phone.

 

Resetting 2FA

You may sometimes need to reset your 2FA method, for example, if you change phone numbers or no longer have access to your authentication app.

 

Resetting 2FA from the Administration section

If you are an admin, you can reset the 2FA method for members and guests on your account. Click on your profile picture in the top right corner, select Administration, select Directory, then Users. Find the relevant person, click the three-dot menu to the left of their name, and select the option to reset their 2FA method. The next time they log in, they will be prompted to set it up again.


 

Resetting 2FA from My Profile

You can reset your own 2FA method from My Profile. From there, you can choose the method you prefer without needing an admin to reset it for you.


What team members and guests see on their account

After 2FA is enabled by an admin, all team members and guests will be prompted to choose their preferred 2FA method when logging in. Depending on the method you select, you will either scan a QR code to connect an authentication app or enter a phone number to receive an SMS verification code.

Tip: Enterprise account admins can also enable Google Authentication and SAML for more advanced security measures.   

 

Account takeover protection

Sometimes, you may be asked to enter a code sent to your email even if you did not turn on 2FA. This is account takeover protection.

Account takeover protection is a security feature that detects suspicious login attempts and adds an extra verification step when needed. In these cases, monday.com sends a one-time passcode (OTP) to your email and asks you to enter it to confirm the login.

 

This protection can apply to certain accounts, such as Enterprise admins who do not use SSO or 2FA, and accounts that have been identified as higher risk. If you sign in from an unrecognized device and your account falls into one of these groups, you may be asked to enter the email OTP before you can continue. After a successful verification, that device is remembered to reduce future prompts.


Note: The email OTP that appears during these checks is separate from 2FA. You might see an email OTP even if 2FA is not enabled on your account.

 

FAQs

Can I restrict which authentication method team members can choose?

No. It is currently not possible to restrict team members to a specific authentication method (SMS or authentication app).

Will I be prompted for 2FA again if I close my browser window?

No. You will only be prompted again if you log out, or if you log in from a new device or browser that has not been used before.

Why am I being asked to enter a code from my email if I did not enable 2FA?

This can happen when account takeover protection is triggered, for example when you sign in from an unrecognized device. The email code is a one-time passcode (OTP) used to confirm your login and is separate from 2FA.

If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.
