Keeping your information secure is always at the forefront of everything we do. That's why HealthKit now offers you the option to set up two-factor authentication for your HealthKit account and practice group.

What's two-factor authentication (2FA)?
Two-factor authentication, or 2FA, is an extra layer of security for your HealthKit designed to ensure that you're the only person who can access your account, even if someone knows your password.

Two-factor authentication is optional for HealthKit and it helps ensure the security of online accounts beyond just a username and password by using a second verification process, which includes: SMS, email or Google Authenticator.

Let's start by learning how to set it up. Then we'll show you how to sign in to HealthKit using your preferred authentication method.


Learn how to set up two-factor authentication (2FA) for your account

Two-factor authentication is optional by default unless it's made mandatory in your practice group settings.

You can choose to enable it by selecting how you'd like to have your access verified. HealthKit offers you the option to do it via SMS, email, or using the Google Authenticator app for iOS or Android devices.

Follow the steps below to set it up:

1. Go to the Profile tab > Users;
2. To edit your Authentication Preferences, locate your user details and click on the cog wheel symbol;

3. Select SMS, Email or Google Authenticator;

4. Click Validate.

Validating your preferred two-factor authentication
To finish setting up your two-factor authentication you now need to validate your preferred authentication method:

1. Enter the six-digit code received via SMS, email or Google Authenticator (after you scan the QR code with the Google Authenticator app).

If you've selected email as your preferred authentication method, you will receive an email like the one below with a unique six-digit code.

2. Simply copy the code received by email, SMS or via the Google Authenticator app, and copy/enter on the verification field and click Submit.


Two-factor authentication - What changes when I sign in to HealthKit?

After you have set up two-factor authentication for your account, you will go through a two-step process every time you sign in to HealthKit:

1. Enter your email and password, click Login; then
2. Enter the verification code received via email, SMS or through the Google Authenticator app.
3. Click Submit.

You will receive the verification code via the preferred method you set up in your HealthKit account.


Two-factor authentication status

You've probably noticed the Current status information when setting up your authentication process.

Here's what each status mean to you:

Not setup: Two-factor authentication has not been set up at yet.

Activated: Two-factor authentication has been turned on, i.e. it has been activated by you or another user with full access. Set up is still required, so you will need to select the preferred authentication method and validate it.

Pending: You've started the set up process, but it's pending until the verification code is entered to validate your preferred method.

Enabled: You've entered the verification code and now the two-factor authentication process is now enabled and available for when you sing in next.


Setting up two-factor authentication for your practice group

If you have a full access account, you can set up two-factor authentication for yourself, your group, and practitioners in your practice.

Learn how to set up two-factor authentication for your practice group