Skip to main content

Set up two-factor authentication

2FA protects your account with an additional layer of security

Two-factor authentication (2FA) protects your account and is mandatory when using splose.

If your password is compromised or stolen, you can have peace of mind knowing that no one can access your account without the code sent to the authenticator app on your device.

Important: Workspaces with SSO enabled are exempt from Splose 2FA requirements, as authentication and 2FA are handled by the SSO identity provider (e.g., Google Workspace, Microsoft 365).


How 2FA works

2FA is configured for the workspace by the account owner or administrator, and once set up all team members must have 2FA enabled to access the workspace.

2FA operates through code generation with an authenticator app. A consistent set of access codes are generated based on the unique QR code provided when you set 2FA up. Network access is not needed to continue to generate those codes.

Once you've set up 2FA, each time you log in you will be asked to provide a code generated by your chosen authenticator app.

Your log in details will be remembered for 7 days, after which you will need to sign in to your splose workspace again. You will need to enter your email and password, as well as a one-time, unique verification code sent to an authenticator app on your chosen device.

Important: users within a workspace that hit 7 days without 2FA enablement will be blocked from further access until setup is complete.


Before You Begin

You will need an authenticator app before you set up 2FA.

Please see the table below for recommended authenticator apps and download links for your respective app stores.

You're not limited to the apps listed, but they've been vetted for transparency, encryption, and independent audit results.

We will continue to monitor security events and audits to ensure the security and reliability of the 2FA apps.

Please note that we recommend using dedicated authenticator apps, as opposed to password managers such as 1Password, because they keep your password and 2FA codes in separate places, further ensuring account security.


How-to

Enable 2FA for your workspace

Only account owners can enable 2FA for a workspace.

Enabling 2FA for your workspace makes enabling 2FA a requirement for both new and existing users within your workspace.

To enable 2FA:

  1. Go to My account in the top right of the page

  2. Then Account security

  3. Click Enable 2FA

  4. Ensure you have downloaded an authenticator app, then open the app and scan the QR code

    Screenshot of splose workspace settings showing the two-factor authentication setup screen with QR code

  5. Enter the authentication code sent you your phone and click Enable 2FA for your workspace

After you've done this, users who don't have 2FA enabled will be prompted to set it up when they log into their workspace.

You'll need your authenticator app each time you log in so keep your phone handy when accessing splose.


Enable 2FA for your account

For team members who are not account owners or administrators, the owner of your workspace will enable 2FA, which you will then be required to enable for your own account.

Those new to the workspace will be prompted to set up 2FA when they sign in for the first time. Existing users will be prompted to enable 2FA from within their account or when they sign in if they are logged out.

To enable 2FA for your account:

  1. Go to My Account and then Account security

  2. Click Enable 2FA

  3. Download an authenticator app

    Screenshot of splose account security settings showing the two-factor authentication setup screen

  4. On your phone, open the authenticator app and scan the QR code to receive a verification code

    Screenshot of splose account security settings showing the QR code to scan with an authenticator app

  5. Then enter the verification code provided by the authenticator app

    Screenshot of splose two-factor authentication verification code entry field

  6. Finally a confirmation will show that 2FA is successfully enabled. You will then have access to your splose account

    Screenshot of splose account settings confirming two-factor authentication has been successfully enabled


Reset 2FA for a team member

Easily reset 2FA for users in the team when needed.

Important: Only an Account owner or Practice Admin can perform this action. If you are having issues using 2FA please reach out to your account admin.

To reset 2FA:

  1. Go to Settings, then Users

  2. On the Users page next to the relevant user, click the three dots (•••) in the 'Actions' column, then Reset 2FA

    Screenshot of splose Users settings showing the Actions menu with Reset 2FA option

  3. Resetting their 2FA will remove their current 2FA setup and send them an email to reconfigure it. When ready, click Send reset email

    Screenshot of splose Reset 2FA dialog showing Send reset email button
  4. The user will then receive an email with a temporary reset link. After they click the link they'll be directed to log in with their password and set up 2FA again before accessing their account.

The reset link expires in 1 hour.


Move 2FA to a new phone

If you still have access to your old phone:

Use the authenticator app's built-in transfer or export feature to move the splose entry to the new phone. The QR code is only shown once during initial setup and will not appear again in splose.

  • Google Authenticator: tap Transfer accounts > Export accounts

  • Microsoft Authenticator: use the Backup and restore feature

  • Other apps: check the app's settings for an export or transfer option

Once transferred, use the code from the new phone to log in as normal.

If you no longer have access to your old phone:

  • Account owners or admins should reach out to support to request their 2FA be reset.

  • All other user types should reach out to their account owner or practice admin and request that their 2FA be reset.
    The account owner/admin can reset the user's 2FA by going to Settings > Users > ••• > Reset 2FA > Send reset email. The user will receive a link to set up 2FA fresh on their new phone, and the QR code will appear during this process.


Reset your own 2FA as an account owner

If you're an account owner or admin and you're having trouble with your 2FA and require it to be reset, please get in touch with the support team via the chat.


Frequently Asked Questions

Can I use 2FA for multiple workspaces?

If you belong to multiple workspaces, then you will need to set up 2FA for each account separately.

Do I need coverage to access an authenticator app and get my code?

Network access is not needed to continue to generate those codes. 2FA operates through code generation with an authenticator app. A consistent set of access codes are generated based on the unique QR given when you set 2FA up.

What if I want to add a new practitioner and set up their account with some appointments before they start?

You can use your own authenticator initially then, once the practitioner is available, reset their 2FA and direct them to set up 2FA using their own authenticator.

Can I set up 2FA with multiple mobile phones for the same user?

Yes, you can have multiple devices set up for 2FA for the same splose user. It's done by scanning the same 2FA QR code on each device (so each device generates the same codes). To do this:

  1. Make sure you have the same authenticator app installed on each device

  2. In your splose account go to My accountAccount securityEnable 2FA. A QR code will appear

  3. On the first mobile phone, open the authenticator app and scan the QR code

  4. In the second, and any further devices, open the authenticator app and scan the QR code

Note: While setting up 2FA on multiple devices for the same user is supported, sharing QR codes across different users increases the risk of unauthorised access if one device is compromised. This method should only be used as a last resort.

Can I share an account with another user?

Sharing accounts is strongly discouraged as it compromises security. Two-factor authentication (2FA) codes expire approximately every 30 seconds, making it impractical to share codes reliably. Creating individual accounts for each user ensures better security and compliance.

Can 2FA be disabled for specific users?

No, 2FA cannot be selectively disabled once it is enabled for a workspace. All users within the workspace must comply with the 2FA requirement.


Troubleshooting

I've set up 2FA, but it's not working.

If you are an account owner who has set up 2FA and it isn't working, please contact support via the chat.

If you are a practitioner or any other type of user, and your 2FA isn't working, reach out to your account admin to reset your 2FA.

I've got a new phone. How do I move my two-factor authentication across?

You will need to get in touch with your workspace Account Owner to have your 2FA reset. Many authenticator apps (such as Google Authenticator) also let you transfer existing accounts to a new phone using their built-in export or transfer feature.

I have a new phone, and I can't access the authenticator app on my old phone!

If you have a new phone, and you're unable to access your old phone, you will need to send a request to your account owner or practice admin to reset your 2FA. Once they have done that, you can set 2FA up on your account with your new phone.

I've entered the code displayed in my authenticator app, but it's not working

Two-factor authentication (2FA) uses time-based security codes to protect your splose account. For these codes to be accepted, your device's internal clock must match the official "network time" used by our servers. If your device is not synced with network time, the security code generated will not be recognised, resulting in a login error.

Please note that your device only needs to check the network time occasionally to maintain accuracy; you do not need to maintain a constant internet connection for 2FA to continue working once the time is correctly set.

Click the link in the table below to learn how to change your device's time settings. Ensure that Set time automatically is set to ON.

Device Category

Operating Systems

Mobile

Tablet

Computer

I've lost the device with my authenticator and can't log in. How do I reset it?

For security, you can't reset your own two-factor authentication from the login screen. An account owner or practitioner admin can reset it for another user from that user's profile. If the account owner has lost access, contact splose support; the team will verify your identity before resetting two-factor authentication on the account.

Did this answer your question?