Protecting your clients’ information is one of the most important parts of running a professional massage therapy practice. Two-Factor Authentication (2FA) is a simple security measure designed to help you do exactly that. Here’s what to expect:
What Is Two-Factor Authentication?
Two-Factor Authentication adds one small extra step every 30 days during sign in. In addition to your password, you’ll confirm your identity through your email. That’s it.
This extra step makes it significantly harder for anyone else to access your account, even if they somehow get your password.
What Will Actually Change for You?
For most users, 2FA simply means that when you log in on a new device (or after an extended period of time):
You’ll receive a message in your email.
You’ll enter the code to confirm it’s you.
By default, you’ll only need to re-authenticate every 30 days on a device you regularly use. Logins between this interval will not require a code.
You can customize this timeframe in your Two-Factor Authentication settings if you’d prefer a longer duration. The custom time frame will apply only to Business Owner accounts, staff will be required to authenticate every 30 days.
Important: You Will Not Have to Do This Every Time You Log In
Once you authenticate a device, you won’t be asked again until your selected timeframe expires. Timeframes expire based on the time of day you last authenticated the device, and you will be signed out of your device at this time.
We recommend completing your initial device authentication outside of business hours so you’re not interrupted if you’re prompted to re-authenticate.
Why Are We Requiring This?
Your clients trust you with sensitive information, including:
Contact details
Appointment history
Health and medical information
Intake forms
If someone were to gain access to your account, they could:
Message your clients directly
Access private health information
Download client data
Use that information to spam or scam them
Two-Factor Authentication helps prevent that. It ensures that even if someone guesses or steals your password, they still can’t get into your account without access to your email.
Our Goal
We understand that any new requirement can feel frustrating. Our goal is not to make your day harder.
This is an industry-standard security measure and a basic expectation for businesses that store personal and medical information.
When clients share their health history with your practice, they expect reasonable safeguards in place. 2FA is one of the simplest and most effective ways to meet that expectation.
Think of it this way:
If you were sending your own medical information to a provider, you’d probably want to know they had basic security protections in place.
Two-Factor Authentication is one small hoop that protects both you and your clients.