Setting up Multi-Factor Authentication (MFA/2FA)

Multi-Factor Authentication (MFA), a.k.a. two-factor authentication (2FA), adds a second authentication step when you sign in to an application, typically requiring another device such as your mobile phone or tablet. This additional step significantly improves the security of your account, and we always recommend CareHQ users set up MFA/2FA when possible.

How does MFA/2FA improve security?

With MFA/2FA enabled on your account, after you sign in using your email and password you'll be asked for a 6-digit code known as a one-time password (OTP, TOTP). This code is generated by an app, typically on your phone or tablet, and changes every 60 seconds.

This additional step means that if a scammer or hacker discovers your password, they still won't be able to access your account, because they also need the 6-digit code that can only be viewed using the app on your phone/tablet.
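To show what sits behind the 6-digit code, here is an added example (not CareHQ's own code) of the time-based one-time password algorithm (RFC 6238) that authenticator apps implement: the QR code carries a shared secret, both the app and the server derive the same code from that secret and the current time step, and a sound server-side check tolerates a little clock drift but never accepts the same code twice. The step length is a parameter; the RFC's published test vectors, used below, assume 30-second steps.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamic truncation, modulo 10^digits.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

# RFC 6238 TOTP: the counter is the number of whole time steps since the Unix epoch,
# which is why the displayed code rotates at a fixed interval.
def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, at // step, digits)

# The QR code scanned by the app carries the shared secret as base32 text;
# tolerate the spaces and lower case a user might type when entering it manually.
def secret_from_base32(b32: str) -> bytes:
    cleaned = b32.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)

def verify_totp(secret: bytes, submitted: str, at: int, used: set,
                step: int = 30, window: int = 1) -> bool:
    """Server-side check: accept the current step or one step either side
    (clock drift), but reject a code whose step was already consumed (replay)."""
    current = at // step
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(secret, counter), submitted):
            if counter in used:
                return False
            used.add(counter)
            return True
    return False

if __name__ == "__main__":
    # Constructed input: the RFC 6238 Appendix B test secret (ASCII "12345678901234567890"),
    # in the base32 form an authenticator app would receive.
    key = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(totp(key, 59))           # 287082 (RFC vector 94287082 truncated to 6 digits)
    print(totp(key, 1111111109))   # 081804
    print(totp(key, int(time.time())))
```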

Good to know

Never send or give anyone your 6-digit code (OTP, TOTP). A common tactic used by hackers and scammers after discovering someone's password is to phone, email, or SMS the target pretending to be a trusted third party, for example a member of your IT support team, and insist that you send them the 6-digit code so that they can help you with an urgent matter regarding your account.

There is never a legitimate reason for someone to ask you for your 6-digit code; anyone asking for the code is almost certainly a hacker or scammer.

Do I have to set up MFA/2FA for my user account?

It depends. MFA/2FA can be set as required for all users at the request of the account owner. If this is the case, you'll be required to set up MFA the first time you sign in to CareHQ.

However, even if MFA/2FA isn't required, you will still have the option to enable MFA for your own user account. We always recommend users enable MFA for their accounts where possible, as it significantly reduces the risk of a data breach.

How to set up MFA/2FA for your user account

To set up MFA for your user account follow the instructions below:

Good to know

You will need to install an MFA/2FA authentication app on your mobile phone or tablet before enabling MFA/2FA for your account. We recommend the Google Authenticator app, which is free to install and available on both Android and iOS platforms.

  • Select your name in the primary navigation to open the user menu.
  • From the user menu select the Security option.
  • Within the 2-Factor authentication section of the page select the Enable 2FA button.

[Screenshot: the security settings page for a user account]

  • Open your MFA/2FA authentication app on your mobile phone or tablet.
  • Within your MFA/2FA authentication app select to add a new 2-step verification with a QR code.
  • Scan the QR code displayed on your screen (this is unique to you, do not scan the QR code below).

[Screenshot: the enable MFA/2FA form]

  • After scanning the QR code, enter the 6-digit code for CareHQ displayed within your MFA/2FA authentication app, then select the Enable 2FA button.
  • The next screen will display a grid of 16 recovery codes. We recommend you download the recovery codes and store them somewhere safe.

Good to know

Recovery codes can be used instead of the 6-digit code from your phone or tablet in an emergency, for example if you left your phone at home and need to access CareHQ while at work.

Each recovery code can only be used once. If you are running low on recovery codes you can generate a new set of codes at any time.

[Screenshot: a grid of recovery codes for MFA/2FA authentication]

At this point you have successfully set up MFA/2FA for your user account; the next time you sign in to CareHQ you will need to complete an additional authentication step where you will be asked for a 6-digit code from your mobile phone or tablet.