Zendesk is reordering its sign-in authentication sequence to validate password expiration before triggering two-factor authentication, closing a security gap that previously allowed users to complete 2FA despite having expired credentials. The change, rolling out from 25 March 2026, addresses a fundamental flaw in the original flow: password enforcement could be circumvented by completing the secondary authentication step, leaving accounts vulnerable to access with outdated credentials. By reversing the sequence, Zendesk ensures that password policy compliance becomes a hard gate before any secondary verification occurs, eliminating the possibility of this bypass.
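The ordering problem described above can be modelled as a small decision function, shown here as an added example that is not Zendesk's code. The internal shape of the old flow (a successful 2FA step ending the sign-in before expiry is consulted) and all names are assumptions made for illustration; the check enumerates every input state and lists those where a session is issued on an expired password.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Attempt:
    # Constructed model of one sign-in attempt (hypothetical field names).
    password_ok: bool   # primary credential matched
    expired: bool       # password is past the policy's maximum age
    has_2fa: bool       # account is enrolled in 2FA
    code_ok: bool       # submitted second-factor code verified

def legacy_flow(a):
    """Assumed shape of the old order: completing 2FA ends the flow."""
    if not a.password_ok:
        return ["denied"]
    if a.has_2fa:
        # Gap: success here issues a session before expiry is consulted.
        return ["prompt_2fa", "session" if a.code_ok else "denied"]
    return ["reset_password"] if a.expired else ["session"]

def reordered_flow(a):
    """Order the page describes: expiry is a hard gate ahead of 2FA."""
    if not a.password_ok:
        return ["denied"]
    if a.expired:
        return ["reset_password"]  # no 2FA prompt until the password is reset
    if a.has_2fa:
        return ["prompt_2fa", "session" if a.code_ok else "denied"]
    return ["session"]

def policy_violations(flow):
    """Every input state where a session is issued on an expired password."""
    states = (Attempt(*bits) for bits in product([False, True], repeat=4))
    return [s for s in states if s.expired and "session" in flow(s)]

if __name__ == "__main__":
    for name, flow in (("legacy", legacy_flow), ("reordered", reordered_flow)):
        print(name, policy_violations(flow))
```

The same invariant (no session step on any path where the password is expired) is a useful regression test for any multi-step sign-in flow, since it fails as soon as a later step is allowed to terminate the flow early.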
For CX teams managing Zendesk deployments, this update carries operational implications worth considering. The change is automatic and requires no configuration, but it will affect user experience during the rollout window—team members with expired passwords will encounter a mandatory password reset before reaching the 2FA prompt. This sequential friction is intentional and security-justified, yet teams should anticipate support requests from users unfamiliar with the new flow, particularly those accustomed to the previous experience. The question becomes whether your support team is prepared to explain this change proactively, or whether you'll absorb reactive inquiries during the rollout period.
The broader significance lies in how Zendesk is treating authentication as a foundational security control rather than a feature afterthought. Given the recent Salesforce data theft attacks exploiting OAuth vulnerabilities, this kind of deliberate security sequencing reflects an industry-wide reckoning with authentication architecture. For administrators, this signals that Zendesk is tightening its security posture incrementally—expect similar refinements to propagate through the platform as threat landscapes evolve.
Announced on: March 18, 2026. Rollout starts: March 25, 2026. Rollout ends: April 2, 2026.
Starting March 25, 2026, Zendesk is updating the sign-in flow to check for expired passwords before prompting for two-factor authentication (2FA), enhancing security and simplifying the user experience. This announc
Announced on: March 18, 2026. Rollout starts: March 25, 2026. Rollout ends: March 26, 2026.
Starting March 25, 2026, Zendesk is updating the sign-in flow to check for expired passwords before prompting for two-factor authentication (2FA), enhancing security and simplifying the user experience. This announ