As part of our dedication to continuous improvement and best practices, we recently hired a third-party security expert to assess our processes. While our servers are already secure enough, one of the recommendations to strengthen our security was to introduce two-step authentication to Preadmit.
If you are not familiar with the term yet, two-step authentication is a process where a code is sent to your mobile phone whenever you sign in to a system, and you then have to enter that SMS code to complete the login. You have probably encountered this system when dealing with internet banking.
Seeing the value of this system, we have decided to implement two-step authentication in the next Preadmit update. To give you a better understanding of how this works and how it affects you, we have answered some questions that you might have.
Can I disable it?
To make sure that personal health information is always protected, we have decided to make two-step authentication mandatory. This ensures that potential hackers do not have the option to disable this feature.
Do I have to enter the code all the time?
If you regularly use the same computer to log in to Preadmit, you can select the “Remember me” box so that you won’t be asked for an SMS code when you log in. After 30 days, however, you will be asked for an SMS code again. Note that this is browser-specific, so if you use a different browser, even within the same 30-day period, you will be asked for an SMS code again.
Will patients also need to get an SMS code?
In the interest of keeping the process quick and easy for patients, we are not going to enable two-step authentication for the patient portal. This mandatory feature is only applied to hospital portals, which house the personal data of your patients.
What if I lose my mobile phone?
Your hospital administrator (or anyone else who has been assigned an administrator role) can log in to the hospital portal and reset the mobile number.
What if I lose my laptop that had a saved session?
If you ticked the “Remember me” box, anyone who has access to your laptop or computer can theoretically access your account if they know your password. Remember, it is two-step, so your password is still the first step to log in. To combat this, you can log in to your hospital portal and wipe out all your saved sessions. This forces anyone who logs in using your lost laptop to enter an SMS code.
What else is new?
We will also be limiting the number of failed login attempts allowed. If a bot tries to guess your password, after 5 consecutive failed login attempts Preadmit will ask for a CAPTCHA code to ensure that a real person is logging in. After 10 failed attempts, you will be locked out for 5 minutes.
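The failed-attempt limits above as a per-account counter, in an added example that is not Preadmit's own code. The class and function names are hypothetical, and three behaviours the announcement does not specify are assumptions: a successful login resets the count, a missing CAPTCHA answer counts as a failed attempt, and the CAPTCHA stays required once a lockout expires.

```python
from dataclasses import dataclass

CAPTCHA_AFTER = 5      # from the page: CAPTCHA after 5 consecutive failures
LOCK_AFTER = 10        # from the page: lockout after 10 failed attempts
LOCK_SECONDS = 5 * 60  # from the page: lockout lasts 5 minutes


@dataclass
class LoginThrottle:
    """Per-account failure tracking (hypothetical class, not Preadmit code)."""
    failures: int = 0
    locked_until: float = 0.0

    def precheck(self, now: float) -> str:
        """What the login form must demand before the password is evaluated."""
        if now < self.locked_until:
            return "locked"
        if self.failures >= CAPTCHA_AFTER:
            return "captcha"
        return "password"

    def record(self, now: float, password_ok: bool, captcha_ok: bool = False) -> str:
        """Record one login attempt and return its outcome."""
        state = self.precheck(now)
        if state == "locked":
            return "locked"  # rejected without evaluating the password
        if state == "captcha" and not captcha_ok:
            password_ok = False  # assumption: no CAPTCHA means a failed attempt
        if password_ok:
            self.failures = 0  # assumption: success ends the consecutive streak
            return "ok"
        self.failures += 1
        if self.failures >= LOCK_AFTER:
            self.locked_until = now + LOCK_SECONDS
            # assumption: keep the CAPTCHA requirement after the lockout expires
            self.failures = CAPTCHA_AFTER
            return "locked"
        return "failed"


def simulate(attempts):
    """Replay constructed (seconds, password_ok, captcha_ok) attempts."""
    throttle = LoginThrottle()
    return [throttle.record(*a) for a in attempts]


if __name__ == "__main__":
    # Constructed input: a bot guessing once per second without a CAPTCHA.
    print(simulate([(i, False, False) for i in range(10)]))
```

Keeping the counter on the server, keyed by account, means a client that discards its cookies cannot reset it.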
When will the update be available?
We are planning to release the next update in 1-2 weeks. Your Preadmit will automatically update itself when it becomes available.