What's changing
We've added an email verification code step for logins from unrecognised browsers or devices. This applies to accounts that don’t have 2FA or passkeys enabled. When you log in from an unrecognised browser or device, we'll send you a code to your email for verification.
When you'll be affected
An unrecognised browser is one that Cliniko doesn’t remember from a previous login. You'll need to enter a code sent to your email when logging in if:
You're logging in from a new or different device.
You're using private/incognito browsing mode or a browser that doesn’t save cookies.
You've cleared your cookies since your last login.
You haven't logged in for an extended period and your session has expired.
During the login process, you'll receive an email like this:
You can enter that code on the login page, which will take you straight to your account:
What this means for you
You may be prompted to enter the code when you come back from a long vacation, after the IT department runs updates on your computer, or if you've just switched devices. Waiting for the email can be quite tedious, so we recommend setting up 2FA or passkeys to avoid this step.
Scenario 1: a common login hiccup
Sarah, a practice manager, logs into Cliniko every morning from her work computer. One day, IT updates her browser settings to automatically clear cookies each night. The next morning, she logs in and is prompted for a code in her email. Confused, she checks her email, enters the code, and logs in. After doing this every morning for a few days, she decides to enable passkeys to avoid the extra step.
Scenario 2: back from vacation
Jamie, a physiotherapist, goes on a well-deserved two-month vacation. When he returns and logs back into Cliniko, he’s asked to enter a code from his email. Because it’s been a while since he last logged in, Cliniko no longer recognises his browser. He enters the code from his email and gets back to work. To avoid this in the future, he enables 2FA so he won’t need to verify via email again.
How to reduce prompts for a code
If you find yourself being prompted for a code frequently, you can reduce how often this happens by:
Using the same trusted device and browser – If you regularly use different devices, expect to be prompted more often.
Ensuring cookies are enabled – If your browser clears cookies automatically, it won’t remember your trusted status.
Why we're making this change
Security is a top priority at Cliniko, and we're introducing this important update to our login process to keep your account safer. This change helps prevent credential stuffing attacks, where hackers try to log in using stolen username-password combinations. Even if someone gets hold of your Cliniko credentials, they would also need access to your email to proceed—adding an extra layer of security.
We understand that this change might be an adjustment, but it's designed to protect your account and keep Cliniko secure. If you don’t want to deal with codes sent to your email, enabling 2FA or passkeys is the simplest way to stay logged in seamlessly. Check out our support guides or contact our support team if you have more questions. Stay safe and secure! 🔐
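For readers who build login flows, the decision this post describes can be sketched as follows. This is an added example, not Cliniko's code: the signed "remembered browser" cookie, the 30-day lifetime, the function names and the `second_factor` outcome are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
DEVICE_TTL = 30 * 24 * 3600           # assumption: a browser is remembered for 30 days


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_device_cookie(user_id, now=None):
    """Cookie value set once the emailed code has been entered correctly."""
    expires = int((now or time.time()) + DEVICE_TTL)
    payload = f"{user_id}.{expires}"
    return f"{payload}.{_sign(payload)}"


def device_recognised(cookie, user_id, now=None):
    """True only for an unexpired cookie this server signed for this user."""
    try:
        uid, expires, tag = cookie.rsplit(".", 2)
        fresh = int(expires) > (now or time.time())
        genuine = hmac.compare_digest(tag.encode(), _sign(f"{uid}.{expires}").encode())
    except (AttributeError, ValueError):
        return False  # no cookie (private mode, cleared cookies) or malformed
    return genuine and uid == user_id and fresh


def next_step(password_ok, has_2fa_or_passkey, cookie, user_id, now=None):
    """Decide what the login page asks for next."""
    if not password_ok:
        return "deny"
    if has_2fa_or_passkey:
        return "second_factor"  # assumption: these accounts use their own factor
    if device_recognised(cookie, user_id, now):
        return "allow"
    return "email_code"  # a stolen password alone stops here
```

A correct password with a missing, expired, forged or someone else's cookie always lands on `email_code`, which is why a stuffed credential pair is not enough on its own.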