Find a provider 커뮤니티 포럼
의료 제공자용 변호사를 위한
로그인 변호사

How to Set Up Two-Factor Authentication

Last updated Jun 27, 2026

Your Medximity account gives you access to appointment information, provider communications, and personal health data. A password alone is no longer enough to protect that access. Two-factor authentication (2FA) adds a second layer of security so that even if your password is compromised, your account stays protected.

This guide covers setup for both patients using the Medximity patient portal and providers using DigitalPatientChart EHR. Follow the section that applies to you.

What Is Two-Factor Authentication and Why Use It?

Two-factor authentication requires two things to log in: your password and a temporary verification code. The code is sent to your phone or generated by an authenticator app.

When comparing two-factor authentication vs. a password alone, the difference in security is significant. Passwords can be guessed, stolen, or exposed in data breaches. A 2FA code is time-sensitive and tied to a device only you control. Even if someone has your password, they cannot access your account without that second factor.

Using an authenticator app for medical records access is safe and is the method most recommended by healthcare security standards. Authenticator apps generate codes locally on your device — nothing is transmitted over a network until you enter the code yourself.

Is two-factor authentication required for the patient portal? 2FA is strongly recommended for all Medximity accounts. Provider accounts with access to DigitalPatientChart EHR are required to enable it to meet HIPAA security requirements.

What You Need Before You Start

Before you begin the step-by-step guide to two-factor authentication setup, have the following ready:

  • Your Medximity username and current password
  • Your smartphone (iOS or Android)
  • A decision on your preferred verification method (see below)

Choosing Your Verification Method

Medximity supports two methods:

  • Authenticator app (recommended): Generates a 6-digit code on your phone every 30 seconds. Works without cell service or Wi-Fi once set up.
  • Text message (SMS): Yes, you can use a text message for two-factor authentication. A code is sent to your registered mobile number each time you log in. Requires cell service.

For healthcare accounts, an authenticator app is the stronger choice. It is not dependent on your carrier, works internationally, and cannot be intercepted via SIM-swapping attacks.

Best Authenticator Apps for Healthcare Logins

Any standard TOTP-compatible authenticator app works with Medximity. Widely used options include:

  • Google Authenticator (iOS / Android)
  • Microsoft Authenticator (iOS / Android)
  • Authy (iOS / Android — supports encrypted cloud backup)

Download one of these apps before proceeding. All are free.

How to Enable Two-Factor Authentication — Patient Portal

Follow these steps to set up two-factor authentication on your Medximity patient account.

  1. Log in to your patient portal at medximity.com.
  2. Select your account name or avatar in the top-right corner.
  3. Go to Account Settings, then select Security.
    {{screenshot: Account Settings > Security tab, with Two-Factor Authentication row visible}}
  4. Under Two-Factor Authentication, select Enable.
  5. Choose your verification method:
    • Select Authenticator App to proceed with an app-based code.
    • Select Text Message (SMS) to receive codes by phone.
  6. If you chose Authenticator App:
    1. A QR code will appear on screen.
      {{screenshot: QR code display screen with manual entry code below it}}
    2. Open your authenticator app and tap the + or Add Account button.
    3. Scan the QR code with your phone camera, or tap Enter a setup key and type the code shown below the QR code.
    4. Your app will display a 6-digit code. Enter that code into the confirmation field on screen.
    5. Select Verify and Enable.
  7. If you chose Text Message:
    1. Enter your mobile phone number and select Send Code.
    2. Enter the 6-digit code from the text message into the confirmation field.
    3. Select Verify and Enable.
  8. Save your backup codes when prompted. Store them somewhere safe — you will need them if you lose access to your phone. (See backup codes section below.)

Two-factor authentication is now active on your patient portal account. You will be asked for a verification code each time you log in from a new device or browser.

How to Enable Two-Factor Authentication — Provider (DigitalPatientChart EHR)

Provider accounts accessing DigitalPatientChart are required to enable 2FA. Here is how to complete setup.

  1. Log in to your DigitalPatientChart provider account.
  2. Navigate to Settings in the left sidebar, then select Account Security.
    {{screenshot: Provider Settings panel with Account Security option highlighted}}
  3. Under Two-Factor Authentication, select Set Up Now.
  4. Select Authenticator App (required for EHR access) and select Continue.
  5. Open your authenticator app and tap Add Account or the + icon.
  6. Scan the QR code displayed on screen.
    {{screenshot: QR code screen for provider 2FA setup}}
  7. Enter the 6-digit code your app generates into the field labeled Verification Code.
  8. Select Confirm and Activate.
  9. Download or copy your backup codes. Store them in a secure, offline location — your practice administrator should also have a copy.

After activation, all logins to DigitalPatientChart from this account will require a verification code.

Practice administrators: You can verify which staff accounts have 2FA enabled under Settings > Team Members > Security Status.

Backup Codes — What They Are and Where to Store Them

When you enable 2FA, Medximity generates a set of single-use backup codes. Each code can be used once in place of your regular verification code — for example, if you lose your phone.

  • Print or download your backup codes immediately after setup.
  • Store them somewhere offline — a printed copy in a locked drawer works well.
  • Do not store them in your email inbox or an unsecured notes app.
  • Each code is used once and then expires. Generate a new set after using one.

To generate new backup codes: go to Account Settings > Security > Two-Factor Authentication > Regenerate Backup Codes.

Troubleshooting Two-Factor Authentication

How long does a two-factor authentication code last?

Authenticator app codes refresh every 30 seconds. Enter your code as soon as it appears — if it is near the end of its cycle, wait for the next code to generate. SMS codes typically expire after 10 minutes.

Two-factor authentication not working — how to fix it

Try these steps in order:

  1. Check the time on your phone. Authenticator apps depend on your device clock being accurate. Go to your phone's date and time settings and enable Set Automatically.
  2. Wait for a fresh code. If the code shown is almost expired (the timer is nearly finished), wait for the next one before entering it.
  3. Confirm the correct account. If you have multiple accounts in your authenticator app, make sure you are using the code labeled for Medximity.
  4. Check your SMS delivery. If using text message, confirm your phone number is correct in Account Settings > Security. International numbers may experience delays.
  5. Use a backup code. If no other option works, enter one of your saved backup codes on the login screen where the verification code is requested.

How to regain access if you are locked out

If you cannot access your verification method and have no backup codes:

  1. On the login screen, select Can't access your code? or Use a backup code.
  2. If backup codes are unavailable, select Contact Support to request a manual identity verification and account recovery.
    {{screenshot: Login screen showing "Can't access your code?" link below the verification code field}}
  3. Providers: Contact your practice administrator first — they may be able to initiate an account reset from the admin panel without waiting for support.

Account recovery requires identity verification. Have your registered email address and practice information ready when contacting support.

Switched phones or got a new number?

  1. Log in while you still have access to your old device or number.
  2. Go to Account Settings > Security > Two-Factor Authentication.
  3. Select Update Phone or Change Authenticator App and follow the setup steps again with your new device.

How to Turn Off Two-Factor Authentication

Patients: You can disable 2FA at any time from Account Settings > Security > Two-Factor Authentication > Disable. You will be asked to confirm with your current password.

Providers: 2FA cannot be disabled on provider accounts with EHR access. This is required to maintain HIPAA compliance. Contact your practice administrator if you have questions about your account configuration.

Still Need Help?

If you have worked through this guide and are still having trouble with your account, the Medximity support team can help.

  • Help Center: Search for additional articles at medximity.com
  • Support ticket: Submit a request through the Help menu inside your account
  • Providers: Contact your practice administrator before reaching out to support — many account security changes can be handled at the admin level

When contacting support about a 2FA issue, have your registered email address and the type of verification method you use ready. Do not share backup codes with support staff.

We use first-party cookies to run this site and understand how patients find us. Privacy