Two-factor authentication (2FA), simply put, adds an extra level of security to conventional username and password-based log-ins.
What is 2FA & How does it work?
2FA increases the security of your log-in, protecting your data against unauthorised access.
Two-step authentication combines your username (such as your email address) and password with a randomly generated authentication code created by an app on your mobile device.
If you don't have access to your authentication app, you can still access your account by answering the security questions that you identified upon setup.
You have the option to set it as mandatory across a practice, or where not mandatory, users can elect to turn it on at their leisure.
Please Note: From mid-April 2018 Two-Factor Authentication will be mandatory for ALL practices within Australia.
First, each staff member will need to download the Google Authenticator app on their mobile device and follow the instructions to set it up.
Keep the Authenticator App handy and continue to the next step.
Turning on 2FA
Go to your name and select 'My Profile', scroll down until you see 'Application Settings', and click to toggle 2FA on.
Scan the barcode that appears onscreen with the downloaded authenticator app on your mobile device and click 'Next'.
Input the associated code on your mobile device into the field on screen and click 'Next'.
Set up your recovery questions. There are quite a few, so scroll through until you find something that would be hard to guess but that you would remember, then click 'Next'.
Logging in once set up
Once you have set up your individual 2FA you will be required to enter in the randomly generated code given to you by the Authenticator app on your phone each time you log in.
You have the option of entering the code only once every 30 days by checking the box on the login screen.
Making 2FA Mandatory
2FA has been made mandatory in Australia; outside of Australia the laws are different. We nevertheless recommend mandating 2FA within your practice to increase security. To set up mandatory 2FA for your practice you will need 'practice admin' privileges.
Go to 'practice settings' and scroll to 'System Settings'. Toggle 2FA for all users.
Please note: Once your country is selected within practice settings it cannot be changed. If you have selected Australia by mistake, please contact Support@account-kit.com
If you are outside of Australia and no longer want to use 2FA, the process to disable it for your own profile (if not mandatory) is as follows:
- Go to your name in the top right of your screen and select 'My Profile'
- Scroll down till you see 'Application Settings'
- Click to toggle next to "Enable 2 Factor Authentication"
- You will be shown a warning message asking if you are sure you want to disable 2FA. Click 'turn off' if you are sure.
Frequently Asked Questions
See below for resolving various common issues in relation to 2FA.
How do I change my security questions for 2FA?
To change your security questions you will need to scan your barcode again and input a new code. Go to your 'name', click 'my profile' and click on the icon next to the 2FA toggle. This will bring up the Authentication process again.
What do I do if I don't have access to my mobile device?
If you don't have access to your mobile device, select the 'I've misplaced my Authentication app' link at the 2FA log-in screen. This will direct you to the alternative security page, where you answer your security questions to log in.
My Authentication code is not working and I'm sure I've entered it in perfectly?
We have had a few instances where our clients had issues with Google Authenticator when setting up 2FA. The most common reason for this was that the clock on the device they were using was incorrect. Visit this link to check this: https://goo.gl/4vFbSL. If you would like to view other potential 2FA login issues, click this link: https://goo.gl/XKQRhi
Here is an example of a possible error when setting up.
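Why an incorrect device clock makes a correctly typed code fail, as an added example (not AccountKit's own code): Google Authenticator codes are time-based (TOTP, RFC 6238), so the phone and the server each derive the code from their own clock in 30-second steps. The secret below is the RFC 4226 test key, the times are constructed, and the server's tolerance of one step either side is an assumption.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6   # code length shown by the authenticator app

# Constructed sample input: base32 of the RFC 4226 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time):
    """Return the TOTP code (HMAC-SHA1) for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, code, server_time, window=1):
    """Accept a code matching any step within +/- window steps of the server clock.

    The window size is an assumption; the real server's tolerance is not documented here.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False

def accepted_with_phone_skew(secret_b32, server_time, skew_seconds, window=1):
    """Simulate a phone whose clock differs from the server by skew_seconds."""
    phone_code = totp(secret_b32, server_time + skew_seconds)
    return verify(secret_b32, phone_code, server_time, window)

if __name__ == "__main__":
    server_time = 120  # constructed server clock value, in seconds
    for skew in (0, 20, -25, 150):
        result = accepted_with_phone_skew(SECRET, server_time, skew)
        print(f"phone clock off by {skew:+4d}s -> accepted: {result}")
```

A phone that is a few seconds out still lands in an accepted step, while one that is minutes out produces a code for a step the server never checks, which is why correcting the device clock resolves the error.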
What do I do if I don't have a mobile device at all?
No problem. There are a number of authenticator applications (free and paid) you can download to your desktop which work in the same way as Google Authenticator. For example, Authy is one option:
Download the Authy desktop app or get the extension from the Chrome store. Follow the instructions from their website on how to set up and use the application. Generally speaking, the process is similar to the setup process within AccountKit.
What happens if I have too many attempts at the security code or security questions?
Failing to enter the correct code 3 times will require you to use your security questions. Failure to answer the security questions correctly will result in your account being locked down.
What do I do if I lock myself out of my account?
You will be required to contact firstname.lastname@example.org to verify your identity.