Jane's Guide

Here's all the help you need to use Jane.


Password Best Practices

  1. Security
  2. Password Best Practices

    3. 4 min read
    Balance Plan Practice Plan Thrive Plan Legacy Plans

What makes a strong password or passphrase?

A password is a string of mixed characters. A passphrase is a series of random words strung together (for example, jumpcarseedtownsupport). Passphrases are harder to guess and easier to remember. Either approach works well when you follow these principles:

  • Length: Aim for at least 12 to 15 characters. Jane requires a minimum of 8, but longer is more secure.
  • Complexity: Length matters more than mixing symbols and capital letters, though combining both helps.
  • Uniqueness: Use a different password or passphrase for every service. If one account is compromised, unique credentials limit the impact.
  • Memorability: Choose something you can recall, or store it securely in a password manager.

Frequent password changes aren’t recommended because they often lead to weaker password choices over time. The exception: shared accounts outside of Jane (like a clinic email address) are worth refreshing periodically, especially after a staff member leaves.

Should I use a password manager?

Yes. A password manager is one of the most effective ways to maintain strong, unique credentials for each service you use. Most offer:

  • Secure storage accessible with a single main password
  • Strong password generation
  • Automatic credential saving when you create new accounts
  • Syncing across all your devices
  • Phishing protection, since most managers only fill in credentials on the exact site they’re intended for

Choose a reputable service and protect your password manager account with a strong main password.

Why is 2-Step Verification important?

2-Step Verification adds a second layer of protection beyond your password, making it significantly harder for someone to access your account even if they have your credentials.

📣 Heads up: Once 2-Step Verification is enabled, keep it active. Disabling it means your account can be accessed with only a username and password.

For setup instructions and details on enforcing 2-Step Verification clinic-wide, check out our guide on 2-Step Verification.

Why shouldn’t staff share login credentials?

📣 Heads up: Administrative profiles in Jane are free, so each admin staff member can have their own profile at no extra cost.

Shared credentials create security and accountability risks that are easy to avoid:

  • Security risk: Shared passwords tend to be weaker and are more likely to be stored or transmitted insecurely.
  • Access control: Each staff profile has its own access level. Sharing a higher-access profile means someone may make changes you didn’t intend to authorize.
  • Audit trail: Jane logs changes to appointments, payments, and other records. Shared profiles make it impossible to identify who made a specific change.
  • Staff departures: If a staff member leaves and others have been using a shared profile, you’d need to reset the password immediately to remove their access.

If someone temporarily needs a higher level of access in Jane, adjust their access level rather than sharing credentials.

Still have questions?

Have questions about these recommendations or anything else related to security? Email Jane’s Privacy and Security Team at [email protected].