How to Set Up Two-Factor Authentication (MFA)

Add an extra layer of security to your HealthForms.io account with two-factor authentication.

Overview

What it is: Two-factor authentication (2FA), also called multi-factor authentication (MFA), requires two pieces of information to log in instead of just your password.

Who uses it: Anyone who wants extra security (recommended for all users).

Why it matters:

  • Makes your account much harder to hack
  • Protects your sensitive health information
  • Takes only a few minutes to set up
  • Works with authenticator apps or text messages

Quick Start

Option 1: Authenticator App (Recommended)

  1. Log into your account
  2. Go to your account page (you land here after login)
  3. In the Multi-Factor card, click Add Authenticator App
  4. Follow the three setup steps: download app → scan QR code → enter verification code
  5. Save your recovery codes
  6. Done!

Time: 5 minutes

Option 2: Text Message (SMS)

  1. Log into your account
  2. Go to your account page
  3. In the Multi-Factor card, click Add Mobile Phone
  4. Enter your phone number, click Verify
  5. Enter the code texted to you
  6. Save your recovery codes
  7. Done!

Time: 5 minutes

Understanding 2FA

How 2FA Works

Normal login uses 1 factor:

  • Something you know: Password ✅

2FA login uses 2 factors:

  • Something you know: Password ✅
  • Something you have: Phone (code) ✅

Why two factors are better:

  • If someone steals your password, they still can't log in
  • They would also need access to your phone
  • Makes accounts much more secure

What You Need

For Authenticator App:

  • Your smartphone (iPhone, Android, etc.)
  • An authenticator app installed:
    • Google Authenticator (free)
    • Microsoft Authenticator (free)
    • Authy (free)
    • 1Password (paid but has other features)
    • LastPass Authenticator (free)

For Text Message:

  • Your mobile phone number
  • Ability to receive SMS text messages

Step-by-Step: Authenticator App

Step 1: Log Into Your Account

Log in to HealthForms.io normally using your email and password.

Step 2: Go to Your Account Page

After logging in, you are taken to your account page. Return to it any time at https://app.healthforms.io/account.

Step 3: Click "Add Authenticator App"

In the Multi-Factor card at the bottom of the account page, click Add Authenticator App.

You are taken to the Setup Two Factor Authenticator page with three steps.

Step 4: Choose Your Authenticator App

If you haven't installed an authenticator app yet, install one on your smartphone:

Popular free options:

  • Google Authenticator - Simple and popular
  • Microsoft Authenticator - Good alternative
  • Authy - Feature-rich with cloud backup
  • 1Password - If you already use 1Password
  • LastPass Authenticator - If you already use LastPass

Installation:

  1. Open your phone's app store (App Store for iPhone, Google Play for Android)
  2. Search for the app name
  3. Install it
  4. Open the app

Step 5: Scan QR Code

HealthForms.io will show a QR code on your screen.

On your phone:

  1. Open your authenticator app
  2. Look for a "Scan" button or camera icon
  3. Point your phone at the QR code
  4. The app will automatically add HealthForms.io

If scanning doesn't work:

  • The setup screen should have a "Can't scan?" or "Enter key manually" option
  • Copy the setup key from that screen
  • In your authenticator app, choose "Enter setup key"
  • Paste the key and give it a name (e.g., "HealthForms.io")

Step 6: Enter Verification Code

Your authenticator app will now show a 6-digit code that changes every 30 seconds.

On the HealthForms.io screen:

  1. Look at your authenticator app
  2. Find the code for HealthForms.io
  3. Type that code into the HealthForms.io field
  4. Click "Verify" or "Confirm"

Important:

  • Codes expire every 30 seconds
  • If the code doesn't work, wait a few seconds for a new one
  • Make sure your device's time is correct

Step 7: Save Your Recovery Codes

HealthForms.io will show you recovery codes — a list of short codes displayed in two columns.

IMPORTANT: Save these codes!

These are emergency access codes in case you:

  • Lose your phone
  • Can't access your authenticator app
  • Need to recover your account

Each code can only be used once. Once a code is used, it cannot be used again.

How to save:

  1. Best: Copy them to your password manager (1Password, LastPass, Bitwarden)
  2. Good: Write them on paper and store in a safe place

Never:

  • ❌ Share your recovery codes
  • ❌ Email them to yourself
  • ❌ Post them online

Click Finish to complete setup.

Step 8: Done!

Your two-factor authentication is now active!

What happens next:

  • Every time you log in, you'll be asked for your 2FA code
  • You'll need your authenticator app to log in
  • Your account is much more secure

Step-by-Step: Text Message (SMS)

Step 1-2: Log In and Go to Account Page

Same as authenticator app steps 1-2 above.

Step 3: Click "Add Mobile Phone"

In the Multi-Factor card on the account page, click Add Mobile Phone.

You are taken to the Update Multi-Factor Phone Number page.

Step 4: Enter Your Phone Number

Enter your mobile phone number in the Phone Number field. The Country Code is pre-filled and read-only.

You will see a consent notice: by adding a mobile phone you agree to receive account security text messages from HealthForms.io, including 2FA codes.

Click Verify.

Step 5: Enter the Verification Code

You are taken to the Verify Phone Number page. HealthForms.io sends a verification code to your phone.

  1. Check your text messages for the code
  2. Enter the code in the verification field
  3. Click Verify

If you didn't receive the code, click Resend Verification Code. Click Cancel to go back.

Step 6: Save Your Recovery Codes

Same as authenticator app setup — save these codes somewhere safe!

Click Finish to complete setup.

Step 7: Done!

Text message 2FA is now active!

What happens next:

  • Every time you log in, you'll receive a text with a code
  • You'll need to enter that code to log in
  • Your account is much more secure

Recovery Codes

What Are Recovery Codes?

Recovery codes (also called backup codes in this guide) are:

  • One-time emergency codes shown when you first set up any MFA method
  • Each code works only once — after use, it cannot be used again
  • Different from your regular 2FA code
  • Essential for account recovery

When to Use Backup Codes

Use backup codes if you:

  • Lost your phone (can't access authenticator app)
  • Forgot which authenticator app you used
  • Have a broken phone
  • Can't receive text messages
  • Need emergency access to your account

Example: You're locked out of your authenticator app and need to access HealthForms.io. Use one backup code instead.

How to Use a Backup Code

  1. Go to login page
  2. Log in normally with email and password
  3. When asked for 2FA code, enter one of your backup codes instead
  4. You're logged in! That backup code is now used up.

Important:

  • Each code works only once
  • Once used, it won't work again
  • You have a limited number, so use them carefully
  • If you run out, open a support ticket at https://support.healthforms.io

Save Your Backup Codes

Best practices:

  1. Password Manager: Copy all codes to 1Password, LastPass, or Bitwarden
  2. Printed & Stored: Print and keep in a safe place (not your wallet!)
  3. Share with trusted person: Some people give a copy to a trusted family member

Never:

  • ❌ Leave them on your desk
  • ❌ Screenshot and email yourself
  • ❌ Post on social media
  • ❌ Leave in an unsecured location

Managing Your 2FA

Add a Second MFA Method

You can have both Authenticator App and Text Message active at the same time. Go to your account page and click Add Authenticator App or Add Mobile Phone in the Multi-Factor card to add the second method.

When both methods are active, a Default Method dropdown appears so you can choose which method is shown by default at login.

Remove an MFA Method

To remove an MFA method:

  1. Go to your account page
  2. In the Multi-Factor card, click Remove Authenticator App or Remove Mobile Phone
  3. Confirm removal on the confirmation page

Important: You cannot remove your only MFA method. The Remove button is disabled if you only have one method set up. Add the other method first, then remove the one you don't want.

Regenerate Recovery Codes

If you've used all your recovery codes or lost them, go to your account page and click Regenerate Recovery Codes in the Multi-Factor card. New codes are displayed immediately — old codes are invalidated when new ones are generated.

Lost Your Phone?

If you lost or broke your phone:

  1. Try logging in with a backup code instead of your authenticator app
  2. Once logged in, go to Account Settings
  3. Change your 2FA method or set up a new authenticator app
  4. Save new backup codes

If you don't have backup codes:

  • Open a support ticket at https://support.healthforms.io
  • Include your account email and a description of the issue
  • Support can reset your 2FA so you can set it up again

Authenticator App Time Sync Issues

If your codes don't work, your device's time might be wrong:

Check your device time:

  1. On your phone: Settings → Date & Time
  2. Make sure "Automatic" or "Set automatically" is enabled
  3. If off, turn it on
  4. Wait a few seconds

Then try your 2FA code again.
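
Why the clock matters, as an added example (not HealthForms.io's code): a standard RFC 6238 TOTP generator using HMAC-SHA1, a 30-second step and 6 digits, with a verifier that shows how a phone clock that has drifted produces a code the server rejects. The secret is the RFC test key, and the acceptance window of one step either side is an assumed server policy, not a documented HealthForms.io setting.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (as stated in this guide)
DIGITS = 6   # code length (as stated in this guide)
# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time):
    """Return the RFC 6238 code for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = int(unix_time) // STEP              # number of steps since the epoch
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                    # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, code, server_time, window=1):
    """Accept the current step and `window` steps either side (assumed policy)."""
    candidates = [totp(secret_b32, server_time + i * STEP)
                  for i in range(-window, window + 1)]
    # Constant-time comparison so timing does not reveal matching digits.
    return any(hmac.compare_digest(c, code) for c in candidates)

def accepted_with_drift(secret_b32, server_time, drift_seconds, window=1):
    """Would a code from a phone whose clock is off by drift_seconds be accepted?"""
    phone_code = totp(secret_b32, server_time + drift_seconds)
    return verify(secret_b32, phone_code, server_time, window)

if __name__ == "__main__":
    now = 1111111109  # constructed server time: the last second of a 30 s step
    for drift in (0, 2, 25, 123456781):
        print(drift, totp(SECRET, now + drift),
              accepted_with_drift(SECRET, now, drift))
```

A drift of only a couple of seconds can cross a step boundary, which is why servers usually tolerate a neighbouring step; a larger drift falls outside any such window, and turning on automatic time is the fix.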

Common Issues

Issue: 2FA Code Doesn't Work

Symptoms:

  • "Invalid code"
  • "Code expired"
  • Code rejected

Solutions:

  1. Wait for new code - Codes expire every 30 seconds
  2. Check time on device - Make sure device time is correct
  3. Don't include spaces - Enter code as shown (no spaces)
  4. Try backup code - If code still doesn't work, use a backup code instead
  5. Close and reopen app - Sometimes the app needs to refresh

Issue: Lost Backup Codes

Symptoms:

  • Can't find your saved codes
  • Codes were deleted
  • Can't recover your account

Solutions:

  1. Check password manager - Look in 1Password, LastPass, Bitwarden
  2. Check printed backup - Look for printed copy you saved
  3. Contact administrator - They can help reset your 2FA
  4. You may lose access - If you can't find your codes or get admin help

Prevention: Always save codes in multiple places!

Issue: Authenticator App Deleted/Reinstalled

Symptoms:

  • You uninstalled your authenticator app
  • You switched phones
  • Codes are gone

Solutions:

  1. You still have backup codes - Use one of them to log in
  2. Once logged in, set up a new authenticator app
  3. Scan the QR code again
  4. Save your new backup codes

Issue: Can't Scan QR Code

Symptoms:

  • Scanning won't work
  • Camera not focusing
  • App doesn't recognize code

Solutions:

  1. Manually enter key - Most apps have a "Can't scan?" option
  2. Better lighting - Make sure you have good light
  3. Steady hand - Keep phone steady while scanning
  4. Different app - Try a different authenticator app
  5. Screenshot the code - Use a QR code reader app to verify

Security Tips

Do:

  • Set up 2FA on all important accounts
  • Save backup codes in password manager
  • Keep your authenticator app updated
  • Use a strong password in addition to 2FA
  • Test your backup codes occasionally

Don't:

  • Share your authenticator app or backup codes
  • Use the same authenticator on multiple devices (without backup)
  • Delete authenticator app without saving setup key
  • Post screenshots of codes online
  • Leave backup codes in plain sight

Q&A

Q: What is two-factor authentication (2FA)?
A: 2FA adds an extra security layer to your account by requiring two pieces of information to log in: your password and a code from your phone (either from an authenticator app or text message). This makes your account much harder to hack.

See MFA Setup Guide for setup instructions.

Q: Should I set up 2FA?
A: Yes, absolutely! 2FA is highly recommended for all users. It takes only 5 minutes to set up and makes your account much more secure.

Q: What authenticator app should I use?
A: Popular free options: Google Authenticator, Microsoft Authenticator, Authy, or LastPass Authenticator. They all work the same way - choose whichever is most convenient for you.

Q: What are backup codes?
A: Backup codes are emergency recovery codes (usually 8-10 codes) generated when you set up 2FA. Each code works once and can be used to log in if you lose your phone. Save them somewhere safe like a password manager.

See Backup Codes for details.

Q: What if I lose my phone?
A: Use one of your recovery codes to log in, then set up 2FA again on a new phone. If you don't have recovery codes, open a support ticket at https://support.healthforms.io for help.

Q: Why doesn't my 2FA code work?
A: Codes expire every 30 seconds - wait for a new one. Also check that your device's time/clock is correct, as authenticator apps depend on accurate time.

Q: Can I use 2FA on multiple devices?
A: You'll need to set it up separately on each device. Your authenticator app must be installed on each phone/device you want to use.


See the Glossary of Terms for definitions of terms used in HealthForms.io.
