Setting Up Two-Factor Authentication for Enhanced Security

Updated July 14, 2026

Two-Factor Authentication (2FA) adds critical security layer to your TenancyDesk account, protecting sensitive tenant data and financial information.

Why 2FA is Critical

Statistics:

  • Significantly reduces account compromise risk via 2FA
  • Password-only accounts: dramatically more likely to be compromised
  • Growing 2FA adoption among UAE businesses

What 2FA protects:

  • Access to all deals and tenant data
  • Financial information (bank accounts, payments)
  • Compliance documents (Emirates IDs, passports)
  • Company settings and team management

Legal requirement: Some enterprise clients require 2FA for vendor access (data protection regulations).


Enabling 2FA

Steps (3 minutes):

  1. Settings โ†’ Account Security โ†’ Two-Factor Authentication
  2. Click Enable 2FA
  3. Choose method:
    • Authenticator App (recommended)
    • SMS (backup option)
  4. Follow setup instructions
  5. Save backup codes (critical!)
  6. 2FA Enabled

Supported apps:

  • Google Authenticator (free, iOS/Android)
  • Microsoft Authenticator (free)
  • Authy (free, multi-device sync)

Setup:

  1. Download authenticator app on phone
  2. TenancyDesk shows QR code
  3. Scan QR code with app
  4. App generates 6-digit code (changes every 30 seconds)
  5. Enter code in TenancyDesk
  6. Verified

Login process (after 2FA enabled):

  1. Enter email and password (as usual)
  2. Prompted for 6-digit code
  3. Open authenticator app
  4. Enter current 6-digit code
  5. Logged in

Benefits:

  • Works offline (no SMS needed)
  • More secure than SMS
  • Faster than SMS delivery

Method 2: SMS (Backup)

Setup:

  1. Enter mobile number (+971 5X XXX XXXX)
  2. TenancyDesk sends verification code via SMS
  3. Enter code to verify number
  4. SMS 2FA enabled

Login process:

  1. Enter email and password
  2. TenancyDesk sends 6-digit code to phone
  3. Enter code within 5 minutes
  4. Logged in

Limitations:

  • Requires mobile signal/connectivity
  • SMS delays possible (15-60 seconds)
  • Not available in some countries

Backup Codes (Critical!)

When enabling 2FA, TenancyDesk generates 10 backup codes.

What are they?:

  • One-time use codes (8 characters each)
  • Work if you lose phone/authenticator access
  • Valid indefinitely

Save them:

  • Download as PDF
  • Print and store securely
  • Save in password manager
  • DO NOT share with anyone

Using backup code:

  1. Login โ†’ Enter email/password
  2. Can't access authenticator app
  3. Click "Use backup code"
  4. Enter one of your 10 codes
  5. Code is consumed (can't reuse)
  6. Logged in

Regenerate codes: Settings โ†’ Security โ†’ Regenerate Backup Codes (invalidates old codes)


Recovery Process

If you lose access to 2FA (phone lost/stolen):

  1. Click "Can't access your code?" on login screen
  2. Select recovery method:
    • Use backup code (if you saved them)
    • Contact support for manual verification
  3. Support asks security questions:
    • Last deal created
    • Recent payment amount
    • Team member names
  4. Identity verified โ†’ 2FA temporarily disabled
  5. Login โ†’ Re-enable 2FA with new device

Timeline: 2-4 hours for support verification (Enterprise: 7 days/week, Dubai business hours 09:00โ€“18:00 GST)


Security Best Practices

Recommendations:

DO:

  • Use authenticator app (not SMS)
  • Save backup codes securely
  • Enable on all team admin accounts
  • Review login history monthly
  • Use strong unique password + 2FA

DON'T:

  • Share backup codes
  • Use SMS if authenticator available
  • Disable 2FA for convenience
  • Use same password across sites
  • Save password in browser without 2FA

For agency admins:

  • Recommend 2FA for all Manager/Admin roles
  • Monitor 2FA adoption across your team
  • Audit who has 2FA enabled (compliance report)

Login History Monitoring

Security โ†’ Login History shows:

For each login:

  • Date and time
  • IP address and location
  • Device (desktop/mobile, OS, browser)
  • Success or failed attempt

Red flags to watch:

  • Logins from unusual locations
  • Multiple failed attempts (brute force?)
  • Unrecognized devices

Action: If suspicious activity detected, change password immediately and review team access.


Enable 2FA today to significantly reduce the risk of account takeover attempts.

Was this article helpful?

Related Articles

Stay Updated

Get the latest guides, tips, and updates delivered to your inbox.

By subscribing, you agree to receive emails from TenancyDesk. Unsubscribe anytime.

Still need help?

Our support team is ready to assist you with any questions.

Contact Us