Skip to main content
Kareo and PatientPop are now Tebra. Becoming Tebra will take time and we appreciate your patience as we transition to the new brand experience.Learn More
Tebra Help Center

Two-Factor Authentication FAQs

Updated: 06/25/2024|Views: 29422

Answers to the most comment Two-Factor Authentication (2FA) questions.

Question Answer
What is Two-Factor Authentication? Two-Factor Authentication (2FA) is a security enhancement that allows users to present two pieces of evidence – their credentials – when logging in to an account. 2FA is a core component of a strong identity and access management (IAM) policy which decreases the likelihood of a successful cyber attack.
How do I enable 2FA? System Administrators needs to complete a few steps to prepare their account for 2FA:
  1. Verify all System Administrators and users of the account has a valid email address and/or mobile phone number in their user account where they can receive a confirmation code.
  2. Authorize users to request Emergency Access in the event a System Administrator is unavailable to unlock a user.
Review the Two-Factor Authentication Preparation Pre-Activation guide for additional details and instructions.

Once the preparation checklist is completed, System Administrators can Enable Two-Factor Authentication.
Is enabling 2FA mandatory? Yes. In an age where data breaches are becoming increasingly common, it’s important to do everything you can to protect your patients’ and practice information including implementing additional security layers. Enabling 2FA for the account decreases the likelihood of a data breach.
How do I update a user's email or mobile phone number? The user's email and/or mobile phone number can be updated through their user account in the Platform or Desktop Application (PM)

Resources:
Can I disable 2FA for the account after it's enabled? No. In an age where data breaches are becoming increasingly common, it’s important to do everything you can to protect your patients’ and practice information including implementing additional security layers. Enabling 2FA for the account decreases the likelihood of a data breach.
Can I enable 2FA for just selected practices instead of all practices? No. Enabling 2FA affects all practices in the account/KID. This means that all users under the account will need to authenticate with 2FA if the setting is turned on.
How does a user log in after 2FA is enabled? Users will be prompted to authenticate after logging in with username and password. They can select to authenticate using their email address or phone number to receive a text message.

Resources:
How often do I need to sign into 2FA? Logging into 2FA successfully will grant you a grace period of 7 days to not have to be authenticated with 2FA again.

However, if you log in from a different location (IP address), then you will be prompted to authenticate again to decrease the likelihood of a successful cyber attack.
How many attempts do I have to authenticate with 2FA? Each user will have 7 attempts to authenticate with 2FA across all of their applications. For example, if a user logs into the Platform and fails 3 attempts, when they log into the Desktop Application (PM), they will have only 4 attempts remaining.

However, a successful authentication will reset the retry attempts back to the default 7 number of tries.
Can I change the number of attempts? No. The default number of attempts is set to 7 and cannot be changed.
What happens when the user has exceeded their retry attempts? The user’s account will be locked. To protect the security of the account, Customer Care is prohibited from unlocking user accounts. The user will need to reach out to their System Administrator to reactivate the user account.
A System Administrator in another practice of the account enabled 2FA, why does it affect my practice and users? 2FA is managed at the account level. If a System Administrator enables it for the account in which your practices is under, then all users for your practice will need to authenticate with 2FA.
Can multiple users use the same phone number to authenticate? We strongly recommend that each user has their own unique number in their user settings. However, unlike email where each user must have a unique email, the phone number can be shared.
Does the verification codes sent by email or mobile phone expire? Yes, verification codes sent by email or phone will expire in 15 minutes or upon successful verification.

If the user request multiple verification codes, they can use any verification code to authenticate within the 15 minutes window.
  • Was this article helpful?