Click here to view the Foothold Care Management MFA Training
What is MFA?
Multi-factor authentication is a common way to add an extra layer of security to applications with highly sensitive data. You might have used it for online banking, and it’s optionally available for many email providers like Gmail. If you haven’t been introduced before, the concept is pretty simple—in addition to using a username and password to log in, you are required to provide an additional piece of proof that you are who you say you are. This is typically done by linking your account to a device you own, like a phone, and confirming that you have access to that device each time you log in by entering a single-use code that’s either generated by that device or sent to it via SMS. This makes things difficult for hackers, because knowing your username and password will no longer be sufficient to access your account—a hacker would need that information plus the single-use code.
Setting up MFA (first-time Users)
Here is what first-time Users will see upon logging into FCM. (Note: this is only an example, not the QR code you should scan. The QR code you should scan is found under your own settings, in My Settings, once you are logged into FCM.)
Existing users will already have the option to receive their MFA code via email, by default. Please see below for the different ways Users can receive their MFA codes. There are currently three options for MFA.
1) Authenticator app
- You can download a free authenticator app such as Authy or Google Authenticator (both are linked on the page when you log in).
- This is the most secure option: the app generates a new code for each login, and each code is only valid temporarily.
- Once you have downloaded the app onto a mobile device, there should be an “Add Account” button that lets you use your camera to scan the QR code found under My Settings, which is unique to every User, to finish setting up MFA. The following example is a screenshot from Authy (other authenticator apps should look similar):
- Once it is set up, each time you log in, you’ll need to open the app and enter the 6-digit code into the prompt that says “Please Enter Your Code.”
2) Email
- If you do not have the ability to download any apps on your device, you can receive the code via email by clicking “Get your code by email.”
- You can click on the link to get your code by email and you will receive an email with the code that you can enter.
3) Text message
- If you do not have the ability to download any apps on your device, you can receive the code via SMS by clicking, “Get your code by SMS.”
- There’s a catch though! We haven’t, to date, collected the phone numbers of users under their user profile.
- This is separate from the phone numbers entered as Care Manager Info, so even if you have a phone number entered as a Care Manager, you would need to follow the steps below to set this up.
- In order to set this up, you’ll need to go into “My Settings” and click Edit to add your phone number like so:
- Once you’ve added your phone number, you should see the “Get your code by SMS” link on the MFA page after logging in.
When logging in, Users will be prompted to enter a code, which can be generated in the authenticator app, received in an email, or received via text message. Users can select “Remember this device for 24 hours” so that they do not have to enter a new code on each login from the same device for up to 24 hours.
If you need further assistance, please reach out to email@example.com