We have a number of systems in place to protect your EHR login process, including:
- Requiring strong passwords
- Anti-brute-force monitoring (accounts will lock after a number of unsuccessful login attempts)
- SSL/HTTPS enforcement
- Password hashing (so no one, not even us, can see your password)
- IP Monitoring/Firewalls to prevent traffic from certain regions and IPs
However, we have two additional security measures that individual users can configure to protect their account even further. Both of these options can be accessed under Settings > My Security Settings and are outlined in further detail below.
Two-Factor Authentication (2FA)
One of the most effective things you can do to protect your account is to make sure that your staff enable Two-Factor Authentication (2FA) on your accounts. This dramatically improves the security of your logins, and makes sure that if someone does get your username and password, they'll still be unable to log in.
To get started, go to Settings > My Security Settings and follow the prompts from here for Two Factor Authentication:
You'll be able to have your browser "remember" you so that you don't have to enter the code every time you log in unless it's from a new browser.
If you need to disable this for some reason in the future, just hover over your initials again and select Two Factor Authentication and it will allow you to remove this protection.
Password Recovery Email
In the event that a user forgets their password, they can reset this from the "Forgot Password" page of the main login screen of the EMR as long as they have both 2FA enabled and a Password Recovery Email setup. In order to reset their password, they would then need to verify a code sent to their recovery email, and then will also be required to enter a code sent to their 2FA mobile number to login with that new password for the first time.