3 Nonprofit Password Alternatives To Ensure Better Security

There’s no greater annoyance to a donor than being unable to follow through with an online gift due to a faulty password problem and who can blame them? From corrupting nonprofit software to obstructing online donation outreach, there’s no telling how far a password security issue can derail your nonprofit’s goals and drive away donors.

In fact, many of us have already likely experienced some of the frustrating drawbacks of passwords in our personal and professional lives such as:

  • They are easy to forget.
  • They are difficult to manage across a variety of systems.
  • They are easily susceptible to major hacks.

All in all, there has to be a better way for organizations to help their users verify their virtual identities.

Luckily, that’s where password alternatives come in to prevent your nonprofit’s donors from having to relay a complex combination of symbols every time they attempt to make a donation.

Not only are these password replacements more convenient, but they also enforce stronger security policies to protect your nonprofit and donors’ personal information.

Intrigued? Simply follow along with us as we explore the following password alternatives that more and more organizations are taking advantage of:

  1. Email authentication
  2. Two-factor authentication
  3. Fingerprint or eyeball scanning

By the end of this post, you’ll be convinced that an alternate security system is all it takes for your nonprofit to beef up online defenses in a hassle-free way.

@Pay's email authentication is our number one recommended password alternative.

1. Email Authentication Password Alternative

Many nonprofit professionals agree that email authentication is one of the top methods of choice for ensuring greater ease and security with online donations.

In addition to our text-to-give and web-based donation platforms, @Pay has also developed a top-notch email authentication system that drastically reduces the number of giving steps for prospective donors.

To begin with, we’ll walk you through how this new-age security technology works as well as address your top questions and concerns let’s get started!

How @Pay’s Email Authentication Works

For those of you who we lost back at ‘email authentication’, never fear; no one has to be a tech wizard to grasp the nuts and bolts behind this password alternative. As a matter of fact, our step-by-step breakdown is pretty straightforward:

  1. Donor pushes the payment button: When a donor pushes your nonprofit’s @Pay payment button, a mailto link is triggered that generates a “payment email”.
  2. Donor receives a pre-written payment email: A donor will use this email to authorize a credit card or bank account charge on their behalf to the nonprofit. If it’s their first time donating, donors are directed to a form where they fill out all of their information before receiving the email.
  3. Donor sends the payment email: Once the email is sent, @Pay can access an individual token within the email to track the name of the organization and dollar amount that the donor wishes to give.  

Check out our visual diagram below:

@Pay's email authentication process is as easy as click, confirm, and send!

By using email authentication, @Pay is able to identify the user by their email address (Gmail, yahoo, etc.) instead of a password. This in turn allows donors to more easily give to your nonprofit while having peace of mind that their personal information is safe.

How @Pay Confirms Your Email is Valid

The chief concern many nonprofits have about email authentication is with any potential bugs that may put your donor’s giving information at risk. That’s why we’ve implemented two extra security measures to set your mind at ease about how this password alternative protects your donors’ email account and private data.  

For starters, email providers like Google, Yahoo, or Comcast already make sure your email account is password protected. These policies stop one user, say michelle@gmail.com, from sending emails from another account user like tiffany@comcast.net.

@Pay simply incorporates those email provider’s existing password security tactics into our email authentication system.

But how does @Pay prevent spoofed emails, you ask?

First, let us clarify that once a person pushes the payment button, their email travels through a digitally encrypted network of @Pay servers.

Our servers can then track the voyage of that email using DKIM (DomainKey Identified Mail) to verify that it originated from the email server. We also rely on SPF — a type of Domain Name Service record — to confirm your donor’s email came from the actual server. 

At the end of the day, these protocols are some of @Pay’s top priorities for making certain your donor network is protected through email authentication.

For more ideas on how to best manage your flow of online donations, check out Fundly’s top payment processors that work with nonprofits

The bottom line: As opposed to entering an unreliable password, email authentication helps donors feel more in control of their online giving through a simplified and failsafe online exchange.

Two-factor authentication is a password alternative that provides an extra layer or security to your nonprofit's defenses.

2. Two-Factor Authentication Password Alternative

For nonprofits looking to add an extra layer to their online security, two-factor authentication is another reputable password alternative to consider.

While mainly used by larger companies, individual and smaller organizations are starting to experiment with two-factor authentication to combat password breaches and online theft. Follow along as we detail everything you need to know about this handy password alternative!

How Two-Factor Authentication Works

Your donors’ payment information may be highly-classified, but with only one round of usernames or passwords to log in, a competent hacker can break into your donation system with little to no effort.

Two-factor authentication was created in response to this unstable security system in favor of having users identify themselves in two separate ways when accessing a device or service. This extra defense not only stops fraudulent behavior in the moment, but the additional work also deters criminals from even trying in the first place.

These added security layers can take many forms depending on your nonprofit’s security standards and preferences, but some of the more common types of two-factor authentication include:

  • Physical Token: When a user logs in, they must use a physical token (usually a piece of hardware) to plug into a USB port or generate a limited-time password. This method is most commonly used at banks or places with highly-sensitive data.
  • SMS Verification: When a user logs in, a verification code is sent to their phone via a SMS message. The user can then access the code on their phone and type it into the online login screen.
  • Authenticator Apps: When a user sets up an account, a secret key is stored on the server and sent to your portable device. Every time you login, you’re given a unique code that can only be used once and is usually good for up to a minute. The most popular example of this is Google Authenticator.  

Don’t forget that two-factor authentication should never be confused with two-form authentication, which uses a challenge question or other login gate to verify a user’s identity.

Top Pros and Cons

To say the least, two-factor authentication wins out over traditional passwords simply with it’s tougher security levels. Although, it requires a little extra work on the donor’s part than entering in a password, the decrease in theft is certainly worth any nonprofit looking into.

For instance, some of the most notable advantages of two-factor authentication include:

  • A donor’s physical token is difficult for a hacker to get a hold of.
  • Most forms use a cellphone as a secondary tool to increase safety.
  • Authenticators are compatible with most applications and don’t depend on cell phone networks.

However, two-factor authentication’s multi-layered functionality can sometimes backfire on a user in the following critical ways:

  • You can’t access SMS without a phone signal, rendering it useless in some areas.
  • SMS and authenticator apps are at risk of theft, especially if other passwords are stored on the user’s phone.
  • Nontechnical users may face challenges when setting up an authenticator.
  • Setting up two-factor authentication lengthens the giving process which can deter supporters from donating.
  • Physical tokens are often expensive and easy to lose or steal.

Overall, this password alternative may be strong for the most part, but nonprofits should also be prepared if the system collapses at a moment’s notice.

The bottom line: Two-factor authentication gives your payment system an extra line of defense by forcing users to identify themselves in multiple ways as opposed to issuing a single password.

Fingerprint and eyeball scanning are advanced password alternatives for nonprofit security.

3. Fingerprint or Eyeball Scanning Password Alternatives

Oftentimes, key physical attributes like fingerprints and eye retinas can be used to set us apart not only in looks but in security measures too.

In fact, many of us already use fingerprint scanners on our smartphones to avoid manually entering a password every time we want to check our email, social media, or simply browse the web.

That’s why using fingerprint or eyeball verification to make payments or donations is a natural next step for this digital security system. To give you a better idea of how these password alternatives works, we’ll cover the basics and single out top benefits and setbacks.

How Fingerprint and Eyeball Scanning Works

Similar to the previous two-factor authentication methods we covered, fingerprint and eyeball scanning relies on an additional security element that’s personalized to each user.

This tailored process can be utilized to help users make in-person payments or donations just as easy as whipping out a debit or credit card without having to carry them with you. That being said, the fingerprint payment system does slightly differ between iPhone and Samsung users:

  • iPhone users rest their thumb on the phone’s fingerprint reader and hold the phone near the store’s payment scanner.
  • Samsung users swipe up from the home button, perform the fingerprint scan, and then place the phone near the payment scanner.

Fingerprint and eyeball scanners are also now being used to make online payments, such as Mastercard’s fingerprint and facial recognition technology which confirms a cardholder’s identity for easier online shopping.

With the steady influx of fingerprint and eyeball scanning, nonprofits can only imagine how these tech initiatives of tomorrow can impact security issues today.

Top Pros and Cons

There’s no denying that fingerprint and eyeball scanning is more glamorous than traditional passwords, and thus more appealing. After all, because everyone has a unique set of both features, it only makes sense for us to use these password alternatives as a way to enhance both online and offline security.

Other significant merits of fingerprint and eyeball scanning include:

  • Fingerprints and eyeballs are harder to fake than payment or identity cards.
  • You can’t forget your fingerprints or eyeballs like you can forget your password.
  • You can’t misplace your fingerprints or eyeballs like a payment or identity card.  

Despite their high-tech allure though, there are a number of disadvantages to take into consideration with fingerprint or eyeball scanning such as:

  • Accessing a device that can scan your fingerprints or eyeballs can be costly.
  • Someone can copy your fingerprint or eye retina to create a replica.
  • Scanners can be fooled by a picture/mold of someone’s fingerprint or a contact lens of someone’s eye retina.
  • Someone can force you to use your fingerprint or eyeball to unlock confidential information.

It should be noted that many of these potential issues involve extreme dedication and expertise and unless you are someone with mass finances at stake it’s likely that a thief will not go to the trouble of accessing your fingerprints or eye retinas.

However, one serious drawback of fingerprint or eyeball scanning is that once someone has access to those features, you can’t change them like a password or PIN code to protect your information. Essentially, when someone has a means of using your fingerprints or eye retinas, they have it for life.  

The bottom line: It’s important for your nonprofit to take into account the user experience of fingerprint and eyeball scanners as well as major security weaknesses.


Let’s face it: nothing can slow down your nonprofit’s operations quite like a password-related problem. Earn your donors’ trust by relying on a stronger password alternative to protect their personal information and generous funds.

For more information on nonprofit software and online donations, feel free to browse our additional resources:

See how @Pay's passwordless-authentication can assist with your organization's fundraising efforts.

Comments are closed.