Two-Factor Authentication FAQs

Last updated
Save as PDF

Updated: 07/03/2025 | Views: 43755

Answers to the most comment Two-Factor Authentication (2FA) questions.

Question	Answer
What is Two-Factor Authentication?	Two-Factor Authentication (2FA) is a security enhancement that allows users to present two pieces of evidence when logging in to an account. 2FA is a core component of a strong identity and access management (IAM) policy which decreases the likelihood of a successful cyber attack.
Is 2FA mandatory?	Yes. In an age where data breaches are becoming increasingly common, it’s important to do everything you can to protect your patients’ and practice information including implementing additional security layers.
Can I disable 2FA for the account?	No. To minimize security vulnerabilities such as viruses, hackers and other cyber attacks, Two-Factor Authentication (2FA) is required for all users.
How do I update a user's email or mobile phone number?	The user's email and/or mobile phone number can be updated through their user account in the Web Platform or Desktop Application (PM) Resources: Web Platform: Edit Provider User Account or Edit User Account Desktop Application (PM): Users
How does a user log in?	Users will be prompted to authenticate after logging in with username and password. They can select to authenticate using their email address or phone number to receive a text message. Resources: Web Platform: Log into Tebra Desktop Application (PM): Log into Tebra Desktop Application (PM)
How often do I need to sign into 2FA?	Logging into 2FA successfully will grant you a grace period of 7 days to not have to be authenticated with 2FA again. However, if you log in from a different location (IP address), then you will be prompted to authenticate again to decrease the likelihood of a successful cyber attack.
How many attempts do I have to authenticate with 2FA?	Each user will have 7 attempts to authenticate with 2FA across all of their applications. For example, if a user logs into the Platform and fails 3 attempts, when they log into the Desktop Application (PM), they will have only 4 attempts remaining. However, a successful authentication will reset the retry attempts back to the default 7 number of tries.
Can I change the number of attempts?	No. The number of attempts is set to 7 and cannot be changed.
What happens when the user has exceeded their retry attempts?	The user account will be locked. Resources: Web Platform: User Account Locked. The user needs to reach out to their System Administrator to reactivate the user account. Desktop Application (PM): User Account Locked. The user needs to reach out to their System Administrator to reactivate the user account. To protect the security of the account, Customer Care is prohibited from unlocking user accounts.
Can multiple users use the same phone number to authenticate?	We strongly recommend that each user has their own unique phone number in their user settings. However, unlike email where each user must have a unique email, the phone number can be shared.
Do the verification codes sent by email or mobile phone expire?	Yes, verification codes sent by email or phone will expire in 15 minutes or upon successful verification. If the user request multiple verification codes, they can use any verification code to authenticate within the 15 minutes window.