Authentication is typically the process of proving a user’s identity. Users validate their identity by providing their credentials, often a username and password. The ‘user' in ieso’s context can be a patient, therapist, supervisor, support team member, etc.
Multi-factor authentication (MFA) is a verification method that requires more than one type of validation. There are three types of authentication factors, typically; 1. Something you know (e.g. a password), 2. Something you have (e.g. a smartphone), 3. Something you are (e.g. biometrics).
Multi-factor authentication is widely recognised as one of the most effective ways to protect data and accounts from unauthorised access. MFA is also a requirement under the NHS Digital Technology Assessment Criteria and is necessary for any NHS digital services; since ieso works with NHS patients, we are required to implement MFA.
MFA works by requiring additional verification information. Depending on the way you set it up for your ieso platform login, this additional factor is generated by an authenticator app or sent as a text message. Generally, authenticator apps are considered more secure than text messages.
During the MFA setup process, a recovery code is provided and users are strongly encouraged to note it down (there is a prompt from the system). This code can be used to login in the event of losing your phone. In the event that this fails, contact firstname.lastname@example.org but please note that it may take some time to resolve and it will be necessary to setup your MFA method again.