MFA adds an extra layer of security to your account. All staff accounts require MFA.
- TOTP via authenticator app (recommended) — Google Authenticator, Microsoft Authenticator, Authy, or any TOTP-compatible app
1. Log in to the system with your username and password
2. On your first login (or when prompted), you will see the MFA setup screen
3. Open your authenticator app on your mobile device
4. Scan the QR code displayed on screen
5. Alternatively, click "Cannot scan?" to reveal a setup key you can type in manually
6. Enter the 6-digit code from your authenticator app to verify
7. Save your recovery codes (see below)
8. Click "Confirm" — MFA is now active
When you enrol in MFA, the system generates 8 one-time recovery codes.
- Each code can be used once to access your account if you lose your device
- Store them somewhere safe (e.g. a password manager, printed and locked in a drawer)
- If you use all recovery codes, new ones can be generated by a Practice Manager from the Staff page
If you lose your phone or cannot generate a code:
- Contact your Practice Manager — they can generate new recovery codes for you
- If you are the Practice Manager and cannot access your account, contact VeriPath support
- Never share your MFA codes or recovery codes with anyone
- Do not use SMS-based MFA, even if it is available — authenticator apps are more secure
- If you get a new phone, re-enrol MFA before disposing of the old device
- If you suspect your account is compromised, change your password immediately and contact your Practice Manager