Set up 2 factor authentication (2FA)

Add an extra layer of security to your Cliniko account.

Two-Factor Authentication (2FA) is an additional security measure used to protect your Cliniko account. It requires you to provide two forms of authentication when logging in: your regular password and a temporary code generated by an authenticator app. This extra layer of protection is crucial because it significantly reduces the risk of unauthorized access to your account.

When you log in to Cliniko, you provide an email address and password. This is one "factor" of authenticating who you are. 2FA refers to using a second factor to confirm your identity. Most commonly, the two factors in 2FA are something you know and something you have. Your password is something you know, and most often your phone is something you have.

With 2FA enabled, even if someone manages to obtain your password, they still won't be able to log in without that "second factor" (i.e. the verification codes generated by your authenticator app). This helps safeguard your information, maintains the confidentiality of your patient data, and reinforces the overall security of your Cliniko account!

If you are looking to enable 2FA for your user account, this guide will walk you through how to set it up!

Enable 2 factor authentication

Within Cliniko, click on My info, located underneath your name:

Under the 2 factor authentication settings, click the "Enable 2 factor authentication" button:

On the 2 factor authentication page, you'll now see a few steps you'll need to complete:

Step 1: Make sure your mobile numbers are still current

To ensure a smooth setup process for 2FA, it's essential to have a valid mobile phone number registered in your Cliniko profile. Without a correct and up-to-date mobile phone number, 2FA cannot function effectively and we cannot verify your identity if you need to reset 2FA. Therefore, during this step, please double-check that your mobile phone number is accurately entered and reflects the most current information in your profile.

Step 2: Download an app for your smartphone or desktop

Next, you'll need to download an authenticator app. We recommend Twilio Authy, as it's quite easy to install and set up. (You can use any 2FA app you want, but we really like Authy!)

Step 3: Add Cliniko to your authenticator app

From this point, there will be a few steps to follow within your 2FA authenticator app:

  1. On your mobile phone, open up Authy.

  2. Press the Add account button.

  3. Press the Scan QR code button and point your mobile camera at your screen.

If you cannot scan the QR code for any reason, you can instead choose Enter key manually. This is great if you have downloaded Authy on a desktop or have a device without a camera. Copy the code from Cliniko and enter it into Authy in order to proceed to Step 4.

Step 4: Enter your verification code

Once you've added your account to your authenticator app, you'll now enter the verification code generated within Authy into your Cliniko account on the 2 factor authentication page:

Note that verification codes expire every 30 seconds. Once you've entered the verification code, make sure to click Enable 2 factor authentication at the bottom of the page. Now, you're all set! 🙌
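Why the code from Step 4 changes every 30 seconds, shown as an added example that is not Cliniko's code: it assumes the codes are standard TOTP (RFC 6238 with HMAC-SHA1), which this guide does not state, and it uses a constructed sample key in place of the key shown on the 2 factor authentication page. The `verify` function and its `drift_steps` tolerance are hypothetical, illustrating how a server could check a submitted code.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # the guide says codes expire every 30 seconds
DIGITS = 6          # the guide describes a 6-digit verification code


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the RFC 6238 code for the 30-second window containing unix_time."""
    # Keys typed in by hand are often shown in spaced groups; normalise first.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore base32 padding
    key = base64.b32decode(cleaned)
    counter = unix_time // STEP_SECONDS           # same value for 30 seconds
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                    # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, unix_time: int,
           drift_steps: int = 1) -> bool:
    """Accept the current window plus drift_steps windows either side (clock skew)."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP_SECONDS)
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


# Constructed sample key: the RFC 6238 test secret "12345678901234567890" in base32.
SAMPLE_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    now = 1111111109                  # fixed timestamp from the RFC test vectors
    print("code in this window:", totp(SAMPLE_KEY, now))
    print("code two seconds later:", totp(SAMPLE_KEY, now + 2))  # next window
    print("old code still accepted 5 minutes on:",
          verify(SAMPLE_KEY, totp(SAMPLE_KEY, now), now + 300))
```

The key and the current time are the only inputs, which is why the app keeps producing codes offline and why anyone who copies the QR code or manual key can generate the same codes.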

Login process with 2FA enabled

Now that you have enabled 2FA for your Cliniko account, here's a breakdown of how your login process would look:

  1. Head to the login page for your Cliniko account;

  2. Input your email address and password;

  3. When prompted to enter your verification code, retrieve the 6-digit verification code from Authy (or your preferred authentication app) and enter the code into Cliniko:

  4. Voila! You're now logged in.

You'll be asked to enter a unique verification code each time you log in from a browser or device we don't recognize.

If you choose to enable the "keep me logged in on this device" option, it changes how 2FA works: you will not be prompted to enter 2FA codes for the subsequent 30 days.

Generating 2FA backup codes

Within Cliniko, you can generate a set of single-use backup codes that you can print off or save somewhere just in case you can't access your phone, giving you access until you can retrieve your phone or get a new one.

This is important! Make sure to generate and print or save the backup codes to ensure you can always access your account.

Your account information page will let you generate backup codes. To grab these, head back to the 2FA area on your account information page, and click Generate backup codes:

You can print these off and store them somewhere safe. If you already use a password manager like 1Password, you can use it to store your codes as well!

It is very, very important that you store these codes somewhere! Whether you print them, take a screenshot, write them out by hand…just be sure to save them somewhere!

As always, let us know if you have any trouble with the setup of 2FA—we think it's a great option to keep your account secure, and recommend that everyone does this!

