If Multi-Factor Authentication feels like a mouthful, we can help! Let’s walk through what you need to know to keep your staff profile secure.
🚨 Heads up: Disabling 2-Step Verification in Jane could have compliance or regulatory implications and could impact your ability to make a claim on your practice’s cybersecurity insurance policy.
What is MFA?
Multi-Factor Authentication (MFA) means that you need to be authenticated using multiple factors, like:
- 🧠 Something you know (Password)
- 📲 Something you have (SMS, authentication code)
- 🧬 Something you are (Biometrics)
At Jane, our 2-Step Verification feature uses multiple factors: something you know (your password) and something you have (a verification code). Because of that, it meets the definition of Multi-Factor Authentication. That’s why you may see the terms Multi-Factor Authentication and 2-Step Verification used interchangeably.
Think of your Jane login as the front door to your clinic and your password as the key. Keys can be stolen or copied without you knowing, so using MFA is like installing a security alarm that requires a key code. Someone with your key can’t get past the alarm because only you have the code.
So even if your password gets compromised, someone can’t access your Jane account without your verification code (which you should never share).
Why do I need MFA?
It goes without saying that there’s a lot of sensitive information in your Jane Account:
- Patient or client health records
- Appointments and schedules
- Billing info and payments (Though Jane Payments doesn’t store any credit card information in Jane)
- Personal contact details for your staff and clients
Even if you practice good “password hygiene” like using long, unique passwords that are stored securely and changed periodically, passwords can still be guessed, stolen, or phished.
MFA helps to protect you and your clinic from:
- Data incidents or breaches
- Practitioner insurance issues
- Account takeovers
- Compliance and legal complaints related to unauthorized access
- Reputational harm or damage
- Financial costs
These days, it goes without saying that MFA is a reasonable and appropriate measure to protect PII and PHI.
Is MFA hard to use?
Nope! It might sound technical, but once it’s set up, it takes just a few seconds when you log in. After entering your password, you’ll get a prompt to enter a code:
- From an SMS message
- Or from an app like 1Password or Authy (check out our FAQ for common authenticator apps that work with Jane)
You can even choose to remember a trusted device, so you’ll only need to enter your code every 30 days.
That’s it!
A quick note on enforcing MFA clinic-wide
We strongly recommend that all clinics have 2-Step Verification enforced clinic-wide (even for solo practitioners) so that all staff members have an extra layer of security on their profile from day one.
Even if you’re the only staff profile on your Jane account, you may need to provide access to contractors or more staff as your clinic grows. Enforcing 2-Step Verification clinic-wide ensures all logins are protected from the start.
What if I get locked out?
Full Access Users in your Jane account can pause 2-Step Verification if someone is having trouble logging in.
You’ll also receive a recovery code when you first set up 2-Step Verification. That’s your backup key that you can use instead of your verification code. Store it somewhere safe, just in case.
Final thoughts
MFA isn’t about making your life harder. It’s about protecting the trust your clinic is built on. Taking five minutes to turn on 2-Step Verification today could save you from a lot of stress down the road. If you’ve been holding off, now’s a good time.
And if you get stuck, we’re always here to help at [email protected].