
Multi-Factor Authentication: Everything Practice Managers Need to Know

Over the past 10 years, veterinary practices have become increasingly dependent on cloud-based services. Whether as a foundational part of their IT infrastructure or as part of a specific tool, it is now almost impossible to find a practice that does not make use of cloud technology.

The changes in the way many practices have been working since the onset of the Coronavirus pandemic have only increased the use of cloud technologies, as these give practices more freedom to allow remote working and reduce contact with staff and clients.

Unfortunately, a lot of people seem to be under the impression that data in the cloud is inherently ‘safe’, but this simply isn’t true. If not set up correctly, it can provide ample opportunities for cyber criminals to access your systems and your data.

In fact, this has become such a big issue that last year the Federal Trade Commission mandated that service providers must improve the implementation of security practices.

Why Veterinary Practices Need Multi-Factor Authentication

The sad fact is that passwords no longer offer the protection that they used to, but utilising technologies such as multi-factor authentication (MFA) at your practice can help secure your cloud data against breaches due to lost or stolen credentials. In fact, you can secure any app you are using with just one step!

Multi-factor authentication adds one or more extra layers of authentication on top of your password by using a token that is sent to a special device or a special code sent to a trusted mobile device. You have probably already used MFA in some form, most likely when logging into online banking.

Your passwords can be easily compromised, but with MFA set up, access to your data can still be prevented even when an intruder knows your password, as they won’t have access to the secondary authentication layer. Essentially, MFA immediately increases your account security by requiring multiple forms of verification to prove your identity when signing into an application.

What MFA Options do Vets Have?

There are many methods by which MFA can work; we’ve outlined the most common below:

  • Microsoft Authenticator – Approve sign-ins from a mobile app using push notifications, biometrics, or one-time passcodes. Augment or replace passwords with two-step verification and boost the security of your accounts from your mobile phone.
  • Windows Hello for Business – Replace your passwords with strong two-factor authentication (2FA) on Windows 10 PCs. Use a credential tied to your device along with a PIN, a fingerprint, or facial recognition to protect your accounts.
  • FIDO2 security keys – Sign in without a username or password using an external USB, near-field communication (NFC), or other external security key that supports Fast Identity Online (FIDO) standards in place of a password.
  • Hardware tokens – Automatically generate a one-time password (OTP) based on open authentication (OATH) standards from a physical device.
  • Software tokens – Use the Microsoft Authenticator app or other third-party apps to generate an OATH verification code as a second form of authentication.
  • SMS and voice – Receive a code on your mobile phone via SMS or voice call to augment the security of your passwords.

What impact will rolling out MFA have at your practice?

A lot of platforms, such as your PMS, should include some form of MFA as standard and at no additional cost to the user. This is usually because they want to do what they can to reduce breaches happening on their platform, as that’s not good for business. However, there is an issue with these as they are often limited or restricted versions.

Another issue this presents is that your team are likely to have to use MFA to log into each and every platform, which could become quite disruptive and most definitely very frustrating for the end user. This headache could be mitigated by ‘conditional access’.

Conditional Access lets you write policies that allow, deny, or limit access based on the circumstances. In the riskiest situations, you can automatically block access. For other conditions, you can require a specific action first before allowing access. For example, if a user tries to sign in on an unknown device, you can require device enrolment before granting access. More specifically, you could disable the requirement for MFA when users log in at one of your locations, making it easier for them. This allows you to optimise productivity while boosting security.
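The Conditional Access decisions described above, sketched as an added example (not code from this article, Microsoft or Google). The network ranges, risk labels, function names and the rule that only low-risk sign-ins qualify for the location exemption are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: documentation-range networks standing in for
# the public (egress) IP ranges of two practice sites.
TRUSTED_LOCATIONS = [
    ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.64/29")
]


@dataclass
class SignIn:
    user: str
    source_ip: str
    device_known: bool
    risk: str  # "low", "medium" or "high" (hypothetical labels)


def at_trusted_location(source_ip: str) -> bool:
    """True only if the address parses and falls inside a practice network."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # an unparseable address is never treated as trusted
    return any(addr in net for net in TRUSTED_LOCATIONS)


def evaluate(sign_in: SignIn) -> str:
    """Return the access decision. Rules run strictest first, so the
    location exemption can never override a block or an enrolment demand."""
    if sign_in.risk == "high":
        return "block"
    if not sign_in.device_known:
        return "require_device_enrolment"
    # Assumption: MFA is skipped only for low-risk sign-ins from a site.
    if sign_in.risk == "low" and at_trusted_location(sign_in.source_ip):
        return "allow"
    return "require_mfa"


if __name__ == "__main__":
    for s in (
        SignIn("nurse", "203.0.113.5", True, "low"),
        SignIn("nurse", "192.0.2.10", True, "low"),
        SignIn("locum", "203.0.113.5", False, "low"),
        SignIn("vet", "203.0.113.5", True, "high"),
    ):
        print(s.user, s.source_ip, "->", evaluate(s))
```

The ordering is the point to carry into a real policy set: a trusted-location exemption should be evaluated last, so being on the practice network never bypasses a block or a device requirement.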

How to Set up Multi-Factor Authentication at your Practice

Once you’ve decided that you want MFA at your practice, a good IT support company will talk you through your options. If you utilise Microsoft 365 subscriptions or Google Workspace, they both offer services that may be able to ‘manage’ your MFA protocol via one system instead of many, making the user experience a lot easier. Your IT support company will also be sure to send out a communication in advance so that your team are aware of the next steps and how to use the system.

There might even be a little resistance from team members who do not really see the value in MFA and view it as a hindrance rather than a help. Any support team worth their salt will be able to clearly educate your team about why MFA is an essential part of your data security and might even offer this as part of a wider security education program for your team if you wish.

How much will MFA cost?

There are a multitude of MFA systems out there to choose from, so the cost does vary dramatically.

As we said earlier, a lot of platforms do already include some form of MFA as standard, but this might become cumbersome if you use lots of platforms with their own MFA in your practice.

To ensure that you are getting the most security and protection from MFA, whilst limiting the effect on your team and cost to your business, we would recommend Microsoft 365 and Google Workspace. These offer a paid platform which will integrate with most third-party platforms (such as your PMS) so that your users can use one username and one password and you can control parameters, such as location.

If you have Microsoft 365 premium subscriptions, then MFA will already be included in the cost, but if you don’t, this will set you back £4.47 per user per month.

If your practice uses Google Workspace, you will need at least the Business Starter subscription to access their MFA platform, which will set you back USD$6 per user per month.

As always, if you have any questions, our team of Veterinary IT Experts are here to help. You can book in a chat with them here at a time that suits you.