A new security feature: account-wide 2-factor authentication (optional, but recommended!)

We’ve introduced a new optional feature—if you’re an account administrator, you can require all users to enable 2-factor authentication. This is an account-wide setting that, if turned on, will mean that each and every user on your account must set up 2FA.

Why is 2FA important?

Cliniko’s servers and infrastructure are very secure, but if someone knows your email address and password, they could log into your account—and that’s not something anyone wants.

We want to give you the tools to help keep your account (and patient information) locked down. While each user has their own email address and password, 2FA adds another layer of security (a second factor, if you will)—meaning that the person logging in needs to also have their mobile phone, with the 2FA app installed (and the unique code that’s generated by that app), in order to finish the sign-in process.

You can read more about why 2FA is important here.

How to set this up in Cliniko

:point_up: Note: While this is an optional setting, we strongly encourage you to turn it on.

You can find it in Settings → General settings, under “Security”:

If you tick that box, every person who uses your account will need to enable 2FA immediately. They will also be prompted to add a phone number if they haven’t already done so:

After that, the regular steps for setting up 2FA will need to be followed. As a reminder, those can be found here.

:point_up: Note: Because the requirement to enable 2FA will occur immediately, you may wish to consider enabling this setting outside of business hours. That way, anyone using Cliniko won’t be interrupted and prompted to set up 2FA in the middle of, say, writing a treatment note!

As usual, if you have any questions on any of this, let our support team know. We’re happy to help! :hugs:
