Two Step Authentication on Login


What Is Two-Step Authentication?

Two-step authentication is a process that protects the data in your account from devious hackers or unprotected devices. With this extra step, if your password gets stolen by a hacker, he would still need access to your physical mobile phone before he could successfully log in to the software. For physicians who log in to the app using multiple devices and work from various locations, this extra log in step provides an additional layer of security.

Types of Two-Step Authentication

Atlas.md offers two different types of two-step authentication:

  • Authenticator app based: this is the more secure option for two-step authentication. You install an application on your mobile phone and that application will generate new secure codes every 30 seconds.
  • SMS based: this is very secure and convenient as well, but a little less so because it relies on security codes being transferred through your phone carrier. Before enabling two-step authentication, it’s important to verify that all users on the account have valid physical mobile phone numbers entered to ensure the security code can be successfully sent.

After enabling any of the options above, all users in your account will be required to complete the two-step process upon their next login. They will be prompted to enter a security code, which would be the number shown at the Authenticator App at time of login or the code sent to their phone through SMS.

Users get the option to remember the device for 3 months for convenience. This should only be used on non-shared devices.

Recommended Authenticator Apps

We recommend Authy because it has powerful security features, such as the ability to lock the app through a separate password or biometric authentication (Touch ID, Face ID, etc.). Authy also offers backup options so you can use more than one device or move to a new phone easier.

Google Authenticator is a secondary option as well.

How to Activate or Deactivate Two-Step Authentication

Only Account Administrators have permission to enable or disable this feature. Go to Account > Settings > Security to activate or deactivate two-step login authentication. The feature is deactivated by default.

Still stuck? Shoot us an email and we'll do our best to help.