Set Up and Use Two-Factor Authentication
Two-factor authentication, also known as 2FA, offers an added layer of security when you log in to your account. Two-factor authentication is so named because it requires two factors, or pieces of information, to verify your identity: your username and password (the first authentication factor) and a token that only you have access to (the second authentication factor). Using your username and password together along with a token that only you know makes it more difficult for unauthorized parties to gain access to your account.
TherapyNotes offers two-factor authentication that requires you to enter your practice code, username, and password as you normally do in addition to a temporary token generated on your phone or other personal device every 30 days or when logging in from a new browser or device.
If you are a Practice Administrator, you may require all users on your TherapyNotes account to enroll in 2FA. For more information, read Require Two-Factor Authentication for All Users.
Before enabling two-factor authentication:
- Verify that you have a two-factor authentication app installed on your device.
- If you do not have an authentication app installed already, visit the app store on your device and install Google Authenticator, Authy, or Duo Mobile.
To enroll a device in 2FA:
- Click the User Icon > Profile
- Under Security & Activity, click Enroll in Two-Factor Authentication.
- Read about 2FA and click the Next button.
- Open the authentication app on your device and select the option to add an account. Use the app to scan the QR code or enter the token provided in TherapyNotes.
- Once your TherapyNotes account is set up in your authentication app, enter the authentication token the app provides.
The next time you log in to your TherapyNotes account, you will be required to enter a 2FA token in addition to your practice code, username, and password. Each browser you use to log in to your account with a 2FA token will be remembered for 30 days.
To retrieve your 2FA token and log in:
- Go to the TherapyNotes login page and enter your practice code, username, and password. Click Log In.
- After your password has been validated, open the authentication app on your device and enter the token it provides you for TherapyNotes.
- Click the Submit Token and Log In button.
Challenges With Two-Factor Authentication
The codes generated by my authentication app aren't working.
You connected an authentication app such as Google Authenticator to your TherapyNotes device, you've entered the code generated by the app correctly, but you're still receiving errors when logging in. What gives?
TherapyNotes and authentication apps rely on the current time to ensure that you're entering the most recently generated code. The time on your device must exactly match the current time for your location in order for everything to be in sync. If you've manually updated the time on your device, you may run into problems.
Ensure that your device automatically sets the time based on your location.
- On Apple iPhone and iPad: Open the Settings app. Tap General > Date & Time. Ensure that Set Automatically is enabled.
- On an Android device: Open the Clock app. Tap More > Settings. Under Clock, select the correct time zone.
If using Google Authenticator, you may need to take an extra step and sync your app's time to your device's time. To do so, open Google Authenticator, tap the Menu button, and tap Settings > Time Correction for Codes > Sync now.
I can't access my authentication token.
If you no longer have access to the device that you enrolled in 2FA, contact your Practice Administrator. Your Practice Administrator can disable 2FA and allow you to begin the process to enroll a new device.
If you are the only Practice Administrator for your account and cannot access your authentication token, please contact our support team for assistance.
If you find that you're still struggling to use 2FA to access your account, 2FA may be disabled by you or your Practice Administrator. Please note that if your Practice Administrator has required 2FA for the entire practice and you disable 2FA for your account, you'll be required to re-enroll the next time you log in.
To disable 2FA:
- Click the User Icon > Profile
- Under Security & Activity, click Remove Two-Factor Authentication.
- Enter your TherapyNotes password and click the Remove button.