Two-Factor Authentication (2FA) FAQ

To further strengthen the security of your BrightArrow account and protect sensitive communications, BrightArrow users are now required to set up two-factor authentication (2FA) in order to access their BrightArrow account. This added step will help prevent unauthorized access and will ensure your communications remain safe and secure. 

How do I set up 2FA for my account? 

When you try to login to BrightArrow, you will be prompted to set up 2FA.

After entering your login information, you will prompted with a page that looks like this: 

  • Field #1 - Select contact option: in the drop-down, choose how you would like to receive the 2FA validation code.
    • Texting - the validation code will be texted to the phone number you enter in the second field
    • Voice Call - a voice call with the validation code will be sent to the phone number to enter in the second field
    • Email - the validation code will be emailed to the email address you enter in the second field
  • Field #2 - Enter your phone/email: Enter your phone or email address that you want the 2FA validation code to be sent to.
    • If you choose Texting or Voice Call in field #1, you will add your phone number here. 
    • If you choose Email in field #1, you will enter your email address here. 
  • Fields #3 and #4 - Name: Enter your first name in field #3 and your last name in field #4
  • Field #5 - Login name: Enter your BrightArrow login name. This is the same login name that you would normally enter on the BrightArrow login page. In most cases, it is the email address provided to you through your organization. If you do not know your login name, contact your system administrator or contact us for help. 
  • Field #6 - Pick 2 security questions: Choose two security questions and provide answers    
    • Once you select your preferred security questions by marking the checkbox next to them, another field will appear for you to enter the answers in
    • Remember to save the answers in a very safe place for future reference
    • The best questions to pick are those that you know the answers to so that you can rely on your memory for the answers without needing to write them down
    • You may be required to answer these questions through the platform or by BrightArrow support if you get stuck when trying to login 
  • At the bottom of the page, click the "Complete" button to save your 2FA information and proceed to the next page
  • Click OK in the pop-up "confirmation" window
  • Enter your validation code on the page, then click "Complete"
    • If you did not receive the validation code, click the "Resend" button. If you did not receive the code via text, users in the USA should first try opting-in by texting Yes to 79041. Contact support for additional help  
    • If you want to change the phone number or email address that will be used for your 2FA validation, click the "Back" button to go back to the previous screen and change it in field #2

Will I have to authenticate every time I log in? 

No, you will not be required to authenticate every time you login to BrightArrow. You will need to re-authenticate any time you login from a new IP address or login from a new device. Once your IP address has been verified, you will not be asked for a passcode again when logging in from that device. 

If you regularly login from more than one device, we suggest that you authenticate each device now by completing the two-factor authentication on every device that you normally login from. That way, if an emergency situation arises, you will not need to worry about completing the two-factor authentication before sending your important notifications out.

How does BrightArrow validate my information? 

BrightArrow validates your information in multiple ways, all behind the scenes. We will first look at the user table to confirm if your phone number or email address is linked to an existing user account. If we don't find the information there, we then look to the staff lists for your organization to find your information there. If we don't find your information in either of those places, we run a back-end process to further check and validate your information. 

What will BrightArrow do with my information?

Rest assured, we store your information securely and ONLY use your information for authentication purposes. We will never share your information with anyone - even our own BrightArrow support engineers will only access your information if you specifically ask us to.

I share a login with other users, but we all use different phones and email addresses. How can we set this up? 

If you share a login with other users in your organization, you are probably all logging in to a "user group." Instead of sharing the logins, each user should be set up as an Alternate User Login to the group. Each user will then be able to set up their own 2FA without needing to worry about excluding anyone else from being able to login. As an Alternate User to a group, each alternate user will have access to all the same information as before but they will be logging in with their own login instead of using shared login credentials. The system administrator/superadmin will need to set this up. SuperAdmins can reference this article for help with creating Alternate User Logins (scroll down to the section header "How to create an alternate user to a group."

The "superadmin(s)" for your organization are the only BrightArrow users who have access to User Accounts. SuperAdmins have the highest level of permissions in BrightArrow, with access to the main user group for their organization including access to all user accounts, lists, reports of messages, and other information depending on your BrightArrow subscription. The superadmin group is the only group that can create, manage, and delete users in BrightArrow. Prior to 2026, the superadmin would need to share login credentials amongst any users who needed this level of access in BrightArrow. As of 2026, multiple SuperAdmins can now be enabled for your account upon your request. If your organization needs more than one person to be able to create, manage, and delete BrightArrow user accounts, the current SuperAdmin should contact our support to have this functionality enabled for additional users. 

My organization already uses multi-factor authentication (MFA) through our SIS. Do we still need an extra level of two-factor authentication in BrightArrow?

At BrightArrow, ease of use is important to us. If your users are losing time due to having to complete too many 2FA/MFA validations, we may be able to help. If BrightArrow is integrated in your SIS (like Blackbaud and PowerSchool) and your organization already enforces a multi-factor authentication process for users to access your SIS, we may be able to turn off the BrightArrow 2FA for you and rely on your MFA processes through your SIS instead. For these cases, BrightArrow will need written, proven details on file that show the exact process of what all users in your organization complete to verify a login. If this pertains to your organization, please contact our support to discuss your options. 

I have a new phone number/email address. How do I update my 2FA to my new contact information?

If you previously set up 2FA in BrightArrow and now need to change the phone number or email address you used, please contact our support to update that for you.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles