Two-factor authentication (2FA) is the single most important thing you can do to secure your Cliniko account. If you've never used it before, you probably have some questions, and we're here to provide some answers!
My password is already super secure. Why do I need something else? It's just another added step!
It may be an added step, but it's the most important step—especially when it comes to securing confidential patient and health data. With 2FA, the login process requires "something you know" (your email and password) and "something you have" (your phone). If someone were to get ahold of your email and password, it's possible they could log into your account and access information that they're not supposed to be privy to. The idea behind 2FA is that only you have your phone, so only you have access to the unique 2FA code that's required to log in, in addition to your email and password. For a more detailed summary of essential ways you can secure your patient health data, head over to our blog.
I have 2FA set up, but the code isn't working. Help!
Assuming you haven't changed anything about your 2FA setup (i.e. it's not a new phone, the app has been installed for a while and worked previously, etc.), it's most likely an issue with the time settings on your phone. The code is worked out from the current time, so if your phone's clock is off, the code it shows won't be accepted. Set your phone's time to "automatic" or "network" (you'll find this in the phone's settings). Further reading for 2FA troubleshooting can be found here.
I've never used 2FA before, and have no clue where to start. How do I set it up?
First things first, we recommend downloading the free Twilio Authy app to your phone. This is our preferred choice of 2FA app. Once you've done that, head over here for our step-by-step instructions on how to set 2FA up on your Cliniko account.
Double check that you're downloading "Twilio Authy" from Authy Inc. The app should be free within the app stores.
I share login credentials with other users. Can we all use the same 2FA app?
No—and please do not share login credentials with other users. It's incredibly important that each person on your Cliniko account has their own credentials. "Admin" users like receptionists don't contribute to the cost of your plan (only practitioners do), so if you have more than one receptionist, be sure to set them up with their own account.
2FA is designed to work separately for each individual user, so there will be no way to share a single 2FA app/code amongst multiple people.
Why does the 2FA code change constantly? Don't I only need to use it once?
No. You will need to use a unique code each time you log in. The code changes every 30 seconds as a security measure: only you, the person who has your phone, can log in using that unique code during that specific timeframe.
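To show why the code changes every 30 seconds and why a wrong phone clock makes it fail, here is an added example (not Cliniko's or Authy's own code). It assumes the codes are standard time-based one-time passwords as defined in RFC 6238, which this page does not state; the function names, the 6-digit length and the server's one-step tolerance are assumptions for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid (the 30-second change described above)
DIGITS = 6   # assumed code length, typical for authenticator apps


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code for the 30-second step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(code: str, secret: bytes, server_time: int, window: int = 1) -> bool:
    """Accept the code for the server's current step and `window` steps either side."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * STEP)
        ok |= hmac.compare_digest(code, expected)  # constant-time comparison
    return ok


# Constructed sample: the secret and timestamp are RFC 6238 test values,
# not a real account secret.
SECRET = b"12345678901234567890"
SERVER_NOW = 1111111109

if __name__ == "__main__":
    # The phone and the server each compute the code from their own clock.
    for label, phone_time in [
        ("phone clock correct", SERVER_NOW),
        ("phone 2 seconds fast (next 30 s step)", SERVER_NOW + 2),
        ("phone 10 minutes fast", SERVER_NOW + 600),
    ]:
        code = totp(SECRET, phone_time)
        print(f"{label}: code {code}, "
              f"strict match={verify(code, SECRET, SERVER_NOW, window=0)}, "
              f"with one-step tolerance={verify(code, SECRET, SERVER_NOW)}")
```

A small tolerance absorbs a few seconds of drift, but a clock that is minutes out produces a code for a step the server will not check, which is why the phone's time needs to be set automatically.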
I'm having a lot of trouble logging in with 2FA.
There could be any number of reasons that 2FA isn't working for you right now. For example, you may have a new phone and no longer have the app, or the time on your phone may not be set to "network" or "automatic". We have a guide here that will walk you through possible scenarios and how to troubleshoot them.
I don't have a mobile phone. Do I still have to use 2FA?
If 2FA has been enforced on your Cliniko account, then yes, you will need to use it. Please reach out to our support team by clicking the "chat icon" in the lower-right corner, and they can discuss this further with you.
I share a computer with other users. Can we all use the same 2FA code?
No. If you share a computer with other users (if, for example, you are a member of your clinic's reception/front desk team), you should always log in under your own credentials. Because 2FA is "phone-specific", you won't be able to log in as yourself unless you have your phone. If you don't have your own account set up in Cliniko, please ask your administrator to add you as a user.
I've hired a virtual reception team to handle the admin on my Cliniko account. Do they need to use 2FA?
Yes. If you've enforced account-wide 2FA, your virtual receptionists (all of them) will need to use 2FA. They will each need to have a 2FA app installed on their phone so that they can access the codes required to log in.
If for some reason your virtual reception team cannot have their phones with them at work and therefore cannot access their 2FA apps, please reach out to our support team, and we can further discuss this with you.
Using 2FA might be a big change if you haven't used it before, and we know that getting used to it may take some adjusting. If you have any questions or concerns, please reach out to our support team, as they would be happy to assist!