Setting Up Multi-Factor Authentication
Multi-factor authentication (MFA) adds a second step to your login — your password plus a six-digit code from an authenticator app on your phone. Even if your password is stolen, no one can log in without the code from your device.
MFA is required for every OutSmart account. The setup takes a few minutes; once it’s done, logging in stays just as fast.
Before You Start
Install an authenticator app on your phone. Any of these work:
- Google Authenticator — look for the app with the colourful asterisk logo from Google LLC. Avoid lookalike apps with similar names.
- Microsoft Authenticator
- Authy
- 1Password
- LastPass Authenticator
All of these are free. Download from the App Store (iPhone) or Play Store (Android).
Checking Whether MFA is Already On
Look at the top right corner of any OutSmart page, next to your initials:
| Icon | Meaning |
|---|---|
| Green closed-lock | MFA is enabled |
| Red open-lock | MFA is not yet enabled — set it up now |
Setting Up MFA
- Log in to your OutSmart account.
- Click on your initials at the top right corner.
- Click the red Enable MFA button.
- A window opens with a QR code. Open the authenticator app on your phone and choose Add Account or Scan a QR Code.
- Point your phone camera at the QR code on your screen. The app adds an entry for your OutSmart account and starts generating six-digit codes that refresh every 30 seconds.
- Type the current six-digit code from your authenticator app into the Code field in OutSmart.
- Click Confirm.
If the code matches, MFA is now enabled and OutSmart shows you five recovery codes.
Save Your Recovery Codes
The recovery codes are your backup. If you ever lose access to your authenticator app, each code lets you log in once.
Good places to save them:
- A password manager (1Password, LastPass, Bitwarden) as a secure note
- A printed copy stored in a locked drawer at the clinic
- A second device you control
Bad places to save them:
- A sticky note on your monitor
- An email to yourself
- A shared document anyone at the clinic can read
Logging In With MFA
After MFA is on, every login goes like this:
- Enter your email and password as usual.
- OutSmart shows the MFA prompt.
- Open your authenticator app, find the OutSmart entry, type the current six-digit code, and submit.
If you don’t have your phone handy, you can use one of your recovery codes instead. Each recovery code works only once.
Locked Out of Your Account
A few situations can lock you out of MFA. Each has a recovery path.
| Situation | What to do |
|---|---|
| Lost or replaced your phone without transferring your authenticator | Use one of your recovery codes to log in, then re-enable MFA on the new phone. If you have no recovery codes left, contact us at contact.outsmartemr.com to verify your identity and reset MFA. |
| Deleted the authenticator app or removed the OutSmart entry by accident | Reinstall the app and contact us at contact.outsmartemr.com to re-link MFA. |
| Six-digit codes keep being rejected | The clock on your phone has drifted. Sync your device clock with the internet and try the next code. |
Contacting support when you’re locked out
- Go to contact.outsmartemr.com and send us a message with your full name and a short description of the problem.
- Our reply gives you a way to request a callback if your situation is time-critical.
Once support verifies your identity, they can reset MFA on your account so you can log back in.
Important Notes
- MFA cannot be turned off once enabled — this is by design. Keep your recovery codes safe so you can always get back in.
- Recovery codes are single-use. Once you’ve used one, that code is gone. Use them only when you actually need them.
- OutSmart support cannot retrieve your authenticator codes or recovery codes — they can only reset MFA on your account after verifying who you are.
Related Pages
- Security Overview — what this section covers
- Changing Your Login Credentials — change your login email or password, or recover a forgotten one