Re-authentication — "Verify Your Identity First" Screen

When you click on some sensitive operations, the system takes you to the re-authentication page. In which operations it appears, how to pass, and why this protection exists.

19 Haz 2026 25 reads

When you click on some operations on your panel, the page goes to an intermediate screen titled "Verify your identity first" — it asks for your password (and code if two-factor authentication is on) again. This article explains when it happens, why it happens, and how to pass it.

1. Why does this screen appear?

Apt Yönet places an extra door against destructive or irreversible operations that can be done without your knowledge while your computer/phone is open. Think of it this way: a guest at your office might click the "Change Password" button on your seated screen — the system immediately asks for your password again to verify that the identity is really you.

This door is only opened for selected sensitive operations. It does not appear in daily operations like dues accrual, collection, expense.

2. In which operations does it appear?

The following operations require re-authentication:

  • Profile → Change Password.
  • Profile → Delete Trusted Devices (single or all).
  • Profile → Close Active Sessions (single or all).
  • Profile → Cancel Membership (3-step permanent delete flow).
  • Template deletion (Settings → Templates).
  • Account deletion and account closing.
  • Decision Book — delete or lock a decision.
  • Permanent deletion operations in some management modules.

Most super admin-specific operations (system settings, backup restore, user password reset, SMS package approval, system-wide logo change) also use this door.

3. How do I pass?

  1. When you click your operation, the "Verify your identity first" page opens.
  2. Enter your current password.
  3. If your two-factor authentication account is on, also enter your 6-digit verification code.
  4. Click the Verify and Continue button.
  5. The system checks that it is correct and returns you to the page you came from. You continue your operation by clicking the button you clicked again.
After successful verification, it does not ask for a password again for other sensitive operations from the same browser for 12 hours. That is, once verified, you can do sensitive operations comfortably throughout the day; the next day or after closing and opening the browser, it will ask again.

4. I got stuck on the page, what should I do?

If it says "Password wrong"

Check your keyboard language (English/Turkish) and the Caps Lock key. If it still doesn't work, reset the password using the "I forgot my password" flow. For the flow: I Forgot My Password, Two-Factor Authentication, and Trusted Device.

If it says "Verification code wrong" (if 2FA is on)

The code shown in the app on your phone is refreshed every 30 seconds. If you typed too slowly, the code may be invalid — check the app again and enter the new one. If you keep getting errors, you can also try one of your backup codes (each one-time).

The page is directing me to a place I don't know

This happens when the system cannot find where the operation you clicked started — it takes you to the panel home page by default. Go back and start your operation again; this time the verification is fresh, it passes immediately.

5. Why 12 hours?

Very short (e.g., 10 minutes) would ask for a password again on every sensitive operation — re-entering many times during the day would be tiring. Very long (e.g., 1 week) would lose the meaning of security. 12 hours is sufficient for a normal business day + you refresh it when you turn off the computer in the evening.

Next step

To learn to update your account information (name, phone): Changing Phone or Email.

Was this article helpful?

Your feedback helps us improve the content.

Prepared by the Apt Yönet team

This article is based on real-world experience with the Apt Yönet panel. Last updated:

Related Articles

Manager

Updating Your Phone or Email Address

You can change your phone number from the profile page. Since your email address is the fundamental key to your account, you cannot change it yourself — you open a request to the system team.