Healthcode Account
Healthcode Account | Adding 2FA
What’s 2FA?
2FA is an access management method that we’ve implemented – and will soon be mandating – to add an additional layer of security to the data held in your Healthcode Account. Put simply, 2FA needs two forms of identification to be inputted before you log in – the first is your login credentials (username/email address and password) and the second is the code that’ll be generated using your mobile phone.
Getting started
If you want to set this up before we mandate it you’ll see a splash screen when you log into your Healthcode Account. Simply click Set Up to get started. If the splash screen isn’t there, just click the person icon in the top right-hand of the screen, select My Account from the menu and then select Two-Factor Authentication from the left-hand menu.
Once we’ve mandated 2FA you won’t be able to log in until you’ve set up at least one method – simply follow the instructions on screen.
You can choose one or both methods to generate the code using your mobile phone – we recommend using a TOTP (Time-based One-Time Password) authenticator app as this is the most secure option. There are many free options available e.g. Google Authenticator, Microsoft Authenticator, DUO etc, so just download the app of your choice.
The text (SMS) option is less secure but may be more convenient, especially if you don’t want to use an app.
Once you’ve added one method, you can just add the other if you want and can even use a different phone.
Generate a code using an authenticator app
You must first download an authenticator app from Google Play or the App Store. Open the app on your phone and go to where you can add an account or a verified ID.
In Healthcode Account click Set up. Depending on the app, it’s easier if you scan the QR code directly into the app but we also give you a code for you to add manually. Follow the instructions in the app to add an account or verified ID and then enter the generated code in the spaces provided. The code will regenerate every 30 seconds so it’s important that you enter it before it expires. Click Next.
Copy or download your Recovery Codes now or later – more info is given below – and then click Finish. You’ll be taken back to the Two-Factor Authentication page and this method will be shown as Configured.
Generate a code using text
Click Set up. Enter the mobile number you want to use – the system defaults to the UK dialling code but if you want to use a mobile from another country, just pick it from the drop-down list. Click Next.
Enter the code that’s sent to your mobile in the spaces provided. If you don’t get a code you can get the system to send another – if you do this straight away you’ll initially get the same code and the system will then resend you a new one after 30 seconds. Click Next.
Copy or download your Recovery Codes now or later – more info is given below – and then click Finish. You’ll be taken back to the Two-Factor Authentication page and this method will be shown as Configured.
Added both methods?
The system will automatically make the last one you set up your Preferred Method. It’s easy to swap to the other one by simply clicking Set as Preferred.
Recovery codes
There are twelve recovery codes and these are the same whether you use one or both 2FA methods. You should copy and paste or download these – keep them safe on your computer as you can use one of these to access your account if you don’t have access to your phone.
Once you’ve used all of them, or you think your saved list may have been compromised, you can generate a new batch by clicking Regenerate Codes and then Generate. Your old codes will no longer work.
If you lose your recovery codes, get in touch – we’ll be able to help once we’ve verified who you are.
Now, see how to log in using 2FA.
Need more support?
If you need further support just get in touch with us.