Cliniko’s servers and infrastructure are very secure, but if someone knows your email address and password, they could log into your account—and that’s not something anyone wants.
We want to give you the tools to help keep your account (and patient information) locked down. While each user has their own email address and password, 2-factor authentication (2FA) adds another layer of security (a second factor, if you will)—meaning that the person logging in needs to also have their mobile phone, with the 2FA app installed (and the unique code that’s generated by that app), in order to finish the sign-in process.
Requiring every user to use 2FA is the single best thing you can do to secure your Cliniko account. While it does require an extra step during the sign-in process, it could ultimately mean the difference between someone who shouldn't have access to your account managing to sign in—or not.
☝️Note: Only administrators can turn this on (or turn it off). If you're reading this article and are not an administrator (and are wondering what on earth this 2FA thing is that you're seeing when trying to sign in), we recommend that you contact someone who is an administrator on your account. They'll be able to confirm whether or not the setting is enabled. This article will walk you through the steps of setting up 2FA.
Require all users to enable 2-factor authentication
Head to Settings, and then General settings:
Under Security, tick the box under Two factor authentication:
Save the settings, and you're all done. Now, every user on your account will be required to enable 2FA before they can do anything else in Cliniko.
If someone does not have 2FA enabled, this is what they'll see when they log in, and they will have to set it up before they can continue using Cliniko:
There are a few things to note here:
Once enabled, this goes into effect immediately. You may wish to consider initially turning it on outside of regular business hours, as anyone who is currently doing anything in Cliniko will be prompted to turn on 2FA (possibly in the middle of a task, like writing a treatment note).
Each user will be required to put their mobile phone number into Cliniko. 2FA cannot operate without a mobile phone number.
Each user will also need to install a 2FA app on their phone. This might be daunting if they have never used one before—we have some information here that will help walk them (and you, if you're also new to 2FA) through getting it set up.
While this feature is optional (unless you are based in Australia and integrated with Xero), we strongly encourage you to use it. If you have any questions, our support team will be able to help out! 💬