Multi-factor Authentication

While your email address and password help secure your Blackbaud ID, you can increase security with multi-factor authentication (MFA). MFA enables your Blackbaud ID to require a unique confirmation code — received on your personal device — in addition to your email address and password. You can receive confirmation codes:

  • Through a mobile authenticator or time-based, one-time password (TOTP) application

  • As text messages on your mobile phone (standard messaging rates apply)

Tip: Unlike with text messages, you can receive confirmation codes through a mobile authenticator when your device is off-line or has no cellular service. For more information, see Mobile Authenticators.

With this extra layer of security, someone with your password still needs the confirmation code to access sensitive data and account information through your Blackbaud ID. When you enable MFA, you receive:

  • A six-digit confirmation code — on your personal device — to further confirm your identity.

  • A 24-digit recovery code to use to access your account if you lose your mobile device or can't receive confirmation codes.

Keep in mind that, except for the solutions where Blackbaud enforces MFA, individual users decide whether to turn on MFA for their Blackbaud IDs. Admins do not control this decision. If admins need to enforce MFA for users, they must establish a single sign-on connection with Blackbaud using an identity provider and enforce MFA through that connection. See SSO Connection Summary.