Enforce Two-Factor Authentication (2FA) for all team members accessing your AhaSend account. When enabled, every user must set up 2FA on their individual profile before they can access your account dashboard or features.
Account Owner Only: Only the account owner can enable 2FA enforcement. This setting affects all team members and requires careful planning.

What is 2FA Enforcement?

2FA enforcement is an account-level security setting that mandates all team members use two-factor authentication. Think of it as adding a second lock to a shared door - everyone needs both the key (password) and the code (2FA) to enter. Key Behavior:
  • Immediate requirement: Team members without 2FA are prompted to set it up upon next access
  • Access blocked: No account features available until 2FA is configured
  • Per-account setting: Enforcement applies only to the specific account where it’s enabled

Prerequisites

Before enabling 2FA enforcement, the account owner must:

Enable Personal 2FA

Set up 2FA on your own profile first:Follow the complete 2FA setup guide to enable Two-Factor Authentication on your personal account, including saving recovery codes.
Required First Step: You cannot enforce 2FA for others without having it enabled on your own profile.

Enabling 2FA Enforcement

Once your personal 2FA is active, enable enforcement for your team:

Access Account Settings

Navigate to account-level security settings:
  1. Log in to your AhaSend dashboard as the account owner
  2. Go to Account Settings
  3. Scroll to the Security section

Enable Enforcement

Activate the enforcement setting:
  1. Find “Enforce Two-Factor Authentication” option
  2. Toggle or check the box to enable
  3. Save changes to activate immediately
Immediate Effect: Enforcement takes effect immediately for all team members.

What Happens to Team Members

When 2FA enforcement is enabled, team members experience the following:

First Access After Enforcement

  • 2FA Already Enabled: Normal access to account dashboard
  • 2FA Not Enabled: Redirected to profile settings with setup requirement

Setup Process

  1. Clear messaging explains 2FA is now required for account access
  2. Guided setup walks through 2FA configuration
  3. Access blocked until 2FA setup is completed successfully
Team Communication: Notify your team before enabling enforcement to avoid access disruptions during critical operations.

Multiple Account Scenarios

It’s common for users, especially agencies or consultants, to be members of multiple AhaSend accounts. The 2FA enforcement setting is specific to each individual account. This means that enabling 2FA enforcement on one account does not automatically force a user to enable 2FA to access other accounts they are members of, unless those other accounts also have 2FA enforcement enabled.

Why Enforce 2FA?

Mandatory 2FA provides critical security benefits for team accounts:
Protection against compromised passwords:
  • Stolen credentials alone cannot access your account
  • Requires physical device access for the second factor
  • Significantly reduces breach risk from password attacks
Safeguard your email operations:
  • Prevents unauthorized changes to sending configurations
  • Protects sensitive recipient data and email content
  • Maintains your domain’s sending reputation
Meet security standards:
  • Required for many industry regulations
  • Demonstrates security best practices to auditors
  • Reduces liability from security incidents

Best Practices

Smooth enforcement rollout:
  • Advance notice: Inform team members before enabling
  • Support availability: Be ready to help with setup issues
  • Timing consideration: Avoid enabling during critical campaigns
Keep your team informed:
  • Explain the security benefits of 2FA enforcement
  • Provide links to 2FA setup documentation
  • Share best practices for recovery code storage