Status
All Systems Operational
Home (Partner Network)
>
All Product Updates
>
Removal of Email as a 2FA method on Web for Partners
October 1, 2025

Removal of Email as a 2FA method on Web for Partners

Product
Global

At Employment Hero, we are always working to enhance the security of user accounts and protect users’ sensitive information. As part of these ongoing efforts, we're implementing an important change to our Two-Factor Authentication (2FA) methods.

What's changing?

Effective November 5, 2025, we will no longer support the use of email as a method to receive 2FA codes on our payroll web product, including all Partner brands.

Note: We will also be providing in-platform notice regarding this change for users who use email for 2FA from October 8, 2025.

Why the change?

Email carries a higher risk of unauthorised account access if your email is compromised. To provide you with the strongest possible security, we are removing email as a 2FA option. We now require the use of more secure methods, including mobile SMS or Authenticator Apps (e.g. Google Authenticator).

Actions required

To ensure your users can continue to access their account, please advise users to take the following actions before November 5, 2025.

  • Update their 2FA methods
    • If users currently use email for 2FA, they must switch to mobile SMS or an Authenticator App. Please ensure all users have one of these methods set up and that they are active and up-to-date.
    • Recommendation: We strongly advise setting up both methods to ensure they don’t lose access to their account if one method isn't available.

    More information: Set up Two-Factor Authentication (2FA) - AU | NZ | UK | SG | MY

  • Enable Passkeys
    • Users can set up Passkeys as an additional method to access their account without a password or need to enter a 2FA code every time. This is useful in cases where users are unable to access their mobile devices.

    More information: Sign in with a passkey - AU | NZ | UK | SG | MY


What if a user cannot verify 2FA?

If a user is unable to verify their 2FA, they will be able to submit an Account Recovery Request directly through the platform.

Partner Level Users will receive an email notification when a request has been submitted. They will then be able to action the request via the User Management page within the Partner Dashboard.

Related Posts