Login Security: Password Expiration and Two Factor Authentication

  • Updated

Super Admins can configure key login security features like automatic password expiration and two-factor authentication to help prevent unauthorized access to the Kipu EMR. 

Let's review how to configure these options. 

  1. Click on your initials and choose Manage Users.
    mceclip0.png
  2. Open the Security tab. mceclip1.png
  3. Password Expiration: HIPAA requires that users of EMR systems change their password every 90 days. Your organization may set an expiration in days that abides by your Policies and Procedures. mceclip2.png
    • Days until password expires: Enter how many days a user can log in with a password. After this number of days has passed the user will be required to create a new password.
    • Days to remind user of upcoming password expiration: Enter the number of days before the password expiration. This displays a message on the user login page reminding them of the upcoming change. 
  4. Two-factor Authentication: When logging into the EMR from a new device or browser, the user is required to request and enter a six-digit authentication code, sent by SMS or email (as set up in the user's profile) before they can access the EMR. Click the button to enable. mceclip3.png
  5. You can choose how frequently your users will be required to perform authentication (to a maximum of 180 days). Click Save 2FA Expiration Settings to save your changes.
    1. Note: Instances with MFA enabled will require users to enter a two-factor authentication code the first time they log into the instance.

Was this article helpful?

8 out of 19 found this helpful