What is an One Time Passwords(OTP)?
A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session.
An OTP is more secure than a static password, especially a user-created password, which can be weak and/or reused across multiple accounts.
Why use an One Time Passwords(OTP)?
A One Time Password plays an important role in 2 factor authentication, as it adds an extra layer of security by allowing us to strongly authenticate that the person logging in is the user, blocking malicious login attempts.
How does Injection Manager use One Time Passwords(OTP)?
Injection Manager uses One Time Passwords(OTP), to authenticate the doctors who wish to approve prescriptions, so that patients can be ensured that their prescription was approved by the appropriate authority.
Users of Injection Manager can also choose to enable OTPs for when they log into their account, providing an extra layer of security for them.
Enabling One Time Passwords(OTP) for your User Account
Step 1:
Navigate to the top right of header, and click on your profile icon. After doing so, a drop down menu will open. Click on Profile.
Step 2:
After entering into your user profile, scroll down until the OTP section.
Expand the OTP section.
Step 3:
In order to enable One Time Password, check the box that says Enable OTP for account.
OTP Using 2-Step Verification Apps
In order to use OTP with 2-Step Verification Applications such as Google Authenticator or Authy, the user should scan the QR code shown using their Authenticator app, to add a new account inside the app.
OTP Using Email & SMS
By ticking the check boxes, users are able to select whether:
- Their OTP will always be sent to their email when prompted.
- Note that the email account used will be the email indicated under the Account Section under Profile.
- Their OTP will always be sent to their SMS when prompted.
- They will be prompted for an OTP at login.
- They will default to private view at login.
- In Private view, Doctors and Staff will only see patient records associated with them, or patients that have not been assigned doctor/staff.
OTP Using Yubikey
If the user is in possession of a Yubikey, they are able to use it as a means of 2-Step verification by simply entering the serial number of their Yubikey in the provided field.
Step 4:
In order to save all changes made, users have to click the save button at the bottom of the page, upon which a notification will pop up informing users that their account has been updated.