Two-Factor Authentication FAQs
Answers to the most comment Two-Factor Authentication (2FA) questions.
| Question | Answer |
| What is Two-Factor Authentication? | Two-Factor Authentication (2FA) is a security enhancement that allows users to present two pieces of evidence – their credentials – when logging in to an account. 2FA is a core component of a strong identity and access management (IAM) policy which decreases the likelihood of a successful cyber attack. |
| How do I enable 2FA? | System Administrators needs to complete a few steps to prepare their account for 2FA:
Once the preparation checklist is completed, System Administrators can Enable Two-Factor Authentication. |
| Is enabling 2FA mandatory? | In an age where data breaches are becoming increasingly common, it’s important to do everything you can to protect your patients’ and practice information including implementing additional security layers. Enabling 2FA for the account is highly recommended to decrease the likelihood of a data breach. |
| How do I update a user's email or phone number? | The user's email and/or phone number can be updated through their user account in the Platform or Desktop Application (PM) Resources:
|
| Can I disable 2FA for the account after it's enabled? | Yes. System Administrators can enable or disable 2FA as necessary. |
| Can I enable 2FA for just selected practices instead of all practices? | No. Enabling 2FA affects all practices in the account/KID. This means that all users under the account will need to authenticate with 2FA if the setting is turned on. |
| How does a user log in after 2FA is enabled? | Users will be prompted to authenticate after logging in with username and password. They can select to authenticate using their email address or phone number to receive a text message. |
| How often do I need to sign into 2FA? | Logging into 2FA successfully will grant you a grace period of 7 days to not have to be authenticated with 2FA again. However, if you log in from a different location (IP address), then you will be prompted to authenticate again to decrease the likelihood of a successful cyber attack. |
| How many attempts do I have to authenticate with 2FA? | Each user will have 7 attempts to authenticate with 2FA across all of their applications. For example, if a user logs into the Platform and fails 3 attempts, when they log into the Desktop Application (PM), they will have only 4 attempts remaining. However, a successful authentication will reset the retry attempts back to the default 7 number of tries. |
| Can I change the number of attempts? | No. The default number of attempts is set to 7 and cannot be changed. |
| What happens when the user has exceeded their retry attempts? | The user’s account will be locked. To protect the security of the account, Customer Care is prohibited from unlocking user accounts. The user will need to reach out to their System Administrator to reactivate the user account. |
| A System Administrator in another practice of the account enabled 2FA, why does it affect my practice and users? | 2FA is managed at the account level. If a System Administrator enables it for the account in which your practices is under, then all users for your practice will need to authenticate with 2FA. |
| Can multiple users use the same phone number to authenticate? | We strongly recommend that each user has their own unique number in their user settings. However, unlike email where each user must have a unique email, the phone number can be shared. |
| Does the verification codes sent by email or phone expire? | Yes, verification codes sent by email or phone will expire in 15 minutes or upon successful verification. |