This week we quietly released an upgrade to protect you and your church from an increasingly common security threat: “profile takeover” attacks.
This happens when a scammer tricks an admin into changing or adding contact info to a profile, and then uses the email or phone number to log into Planning Center.
The new “login method” is a single email or phone number you use to log in. It’s a key only you control so scammers can’t use an alternate way into the account.
This change also makes editing people’s contact information a much less risky task for your admins.
The new login method is now active in every user’s account across all of Planning Center, which means your church’s data just got a little bit safer.
How the Login Method Works
Within your profile, we’ll show your Planning Center login credential.
We pre-set your credential based on what you usually use to log in, and we did the same for everyone else with a login to your organization’s account.
This is the only email or phone number you can use to log into your account, and you are the only person who can change it. With this change, scammers can’t match an alternate email or phone number to get into your account.
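A minimal model of the difference, added here as an illustration and not Planning Center's own code: account lookup that matches any contact info on a profile, next to lookup that matches only the login method. The `Profile` class, the function names, and the sample addresses are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    name: str
    login: str                                   # single login method, owner-controlled
    contacts: set = field(default_factory=set)   # contact info admins can edit

def resolve_legacy(profiles, identifier):
    """Before: any email or phone on a profile identifies the account."""
    ident = identifier.strip().lower()
    for p in profiles:
        if ident == p.login or ident in p.contacts:
            return p
    return None

def resolve_login_method(profiles, identifier):
    """After: only the login method identifies the account."""
    ident = identifier.strip().lower()
    for p in profiles:
        if ident == p.login:
            return p
    return None

def admin_add_contact(profile, value):
    """Admin edit of contact info; never touches profile.login."""
    profile.contacts.add(value.strip().lower())

def change_login(actor, profile, new_login):
    """Only the profile's owner may change the login method."""
    if actor is not profile:
        return False
    profile.login = new_login.strip().lower()
    return True

def demo():
    # Constructed sample data; example.org / example.net are reserved domains.
    pat = Profile("Pat", "pat@example.org")
    admin = Profile("Admin", "admin@example.org")
    profiles = [pat, admin]
    # An admin is tricked into adding an address the requester controls.
    admin_add_contact(pat, "imposter@example.net")
    return {
        "legacy": resolve_legacy(profiles, "imposter@example.net"),
        "login_method": resolve_login_method(profiles, "imposter@example.net"),
        "owner_login": resolve_login_method(profiles, "Pat@Example.org"),
        "admin_changes_login": change_login(admin, pat, "imposter@example.net"),
    }
```

With the legacy lookup the added contact address resolves to Pat's account; with the login-method lookup it resolves to nothing, and the admin's contact edit cannot change which identifier logs in.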
The New Account Recovery Process
We also released a new process to make it safer for admins to help people recover their account if they ever get locked out. At the basic level, you can send people a password reset email with a code and a link to reset their password. You can also help them change their login email.
On the rare occasion that someone forgets their email and their password, we’ll walk you through resetting their account and warn you about the risk levels with each option.
This is a highly risky process, and at each step of the way, we’ll help you double-triple-check to make sure you’re not being scammed by an imposter.
This guided process is based on real-world scenarios we’ve seen our customers deal with, and we want to protect your church from falling for a common scam.
How You Can Help Protect Your Data
There’s nothing for you to do based on this update. Your unique login credential is already set to whatever email you’ve been using, and you don’t need to change it unless you really want to.
But there are always a few things you can do to protect your data:
- Set up two-step verification to add another layer of protection to your login.
- Enable privacy mode for your church’s directory on Church Center so scammers can’t get to congregant data.
- Check your security log every once in a while to verify the right people are accessing your account.
These small practices can have a huge impact on protecting the valuable information you store in your account.
As always, if you have any questions, please reach out to our support team. We would love to provide any information we can.
💙 Planning Center