Multi-Factor Authentication (MFA)

Dan Sprague
Dan Sprague
  • Updated

To improve security, you now have the option to enable Multi-Factor Authentication (MFA) for your practice.

What is Multi-Factor Authentication (MFA)?

When Multi-Factor Authentication is set up, staff users will be asked to provide an additional security code when they log in. They can choose whether to receive the code via an authenticator app, or by SMS on their phone.

It is the choice of individual staff users whether they want to turn on MFA for their accounts or not. We strongly recommend that it is turned on, because MFA provides an extra layer of protection to your Patchs account: in addition to your email address and password, an attacker would require a time-limited code to gain access to the confidential information stored in Patchs.

If your practice has enabled MFA but you have not set it up as an individual staff user, your log in process will remain unchanged (it will require only your email address and password).

How Multi-Factor Authentication (MFA) works

To get started with Multi-Factor Authentication, first you need to contact the Patchs Support team. We will then make the feature available to your practice.

Once MFA has been made available by us, it can be easily managed (enabled/disabled) by a Patchs Admin user. This can be done via the Feature Settings page.

Scroll down to 'Multi-Factor Authentication settings and check the box. You will see a green pop-up box in the top right-hand corner to confirm that you have successfully enabled it:

Individual staff users will then see an option to set up MFA when they log in:

Setting up Multi-Factor Authentication (MFA) for the first time

First, you need to choose whether to receive MFA codes on your phone via SMS, or via an authenticator app of your choice. The set-up process will not be complete until you enter a valid MFA code.

Authenticator apps

Authenticator apps can be found on your usual app store (eg. Google Play or the Apple Store).

If you opt to use an authenticator app, you will be shown a QR code. Scan it using the authenticator app you have downloaded, and enter the code it provides:

If you try to log in with an incorrect code, then you will also be asked for a new code. The app will provide this.

Code by SMS

If you choose to receive a code by SMS, you will need to enter your mobile phone number:

A code will be sent to the number you supplied:

Each code is valid for 10 minutes. It cannot be used more than once. If you happen to enter the incorrect code, you will be sent a new code to the same mobile phone number. 

Managing Multi-Factor Authentication

Only the user themselves can set up MFA for their account. However, Patchs Admin users can view who has set it up, and disable it for specific users if for any reason they lose access (for example, if they lose their phone).

To disable MFA for a specific user, go to the Manage Staff and Inboxes page. Find the user in question and click on the 'X' to the right of 'Set up' in the relevant row:

"Remember this device" option

When you log in using MFA, you have the option to "Remember this device" for 14 days. This means that for 14 days you will not need to provide a new MFA code each time you log in.

Simply check the box above the blue 'Log in' button:

 

 

Was this article helpful?