Status
All Systems Operational
Support icon
Support
Partner Dashboard
Home (Partner Network)
>
All Product Updates
>
Removal of Email as a 2FA method on Web for Partners
October 1, 2025

Removal of Email as a 2FA method on Web for Partners

Product
Global

At Employment Hero, we are always working to enhance the security of user accounts and protect users’ sensitive information. As part of these ongoing efforts, we're implementing an important change to our Two-Factor Authentication (2FA) methods.

What's changing?

Effective November 5, 2025, we will no longer support the use of email as a method to receive 2FA codes on our payroll web product, including all Partner brands.

Note: We will also be providing in-platform notice regarding this change for users who use email for 2FA from October 8, 2025.

Why the change?

Email carries a higher risk of unauthorised account access if your email is compromised. To provide you with the strongest possible security, we are removing email as a 2FA option. We now require the use of more secure methods, including mobile SMS or Authenticator Apps (e.g. Google Authenticator).

Actions required

To ensure your users can continue to access their account, please advise users to take the following actions before November 5, 2025.

  • Update their 2FA methods
    • If users currently use email for 2FA, they must switch to mobile SMS or an Authenticator App. Please ensure all users have one of these methods set up and that they are active and up-to-date.
    • Recommendation: We strongly advise setting up both methods to ensure they don’t lose access to their account if one method isn't available.

    More information: Set up Two-Factor Authentication (2FA) - AU | NZ | UK | SG | MY

  • Enable Passkeys
    • Users can set up Passkeys as an additional method to access their account without a password or need to enter a 2FA code every time. This is useful in cases where users are unable to access their mobile devices.

    More information: Sign in with a passkey - AU | NZ | UK | SG | MY


What if a user cannot verify 2FA?

If a user is unable to verify their 2FA, they will be able to submit an Account Recovery Request directly through the platform.

Partner Level Users will receive an email notification when a request has been submitted. They will then be able to action the request via the User Management page within the Partner Dashboard.

Related Posts

Enhanced User Access Overview

Updates have been made to the existing User Access and Admin Access pages within the Partner Dashboard to display additional information regarding users. This is done to improve visibility over user’s access and security posture.

August 29, 2025
Impossible Travel Detection on Web

In order to protect users without two-factor authentication (2FA) enabled from credential stuffing attacks, when a login from a geolocation is detected as impossible travel, they will be required to enter in a verification code sent to their email to complete their login.

August 19, 2025
Update to Permissions for Timesheet Processing

From 25 August, full-access users will now be able to mark timesheets as processed.

August 19, 2025
Partner Resources
Get in Touch
Partner Resources by region
Connect

News, resources and insights.

Legal CentreCookiesPrivacy PolicyTermsData Processing Agreement