
Implementation of SMS/WhatsApp OTP

Protect your patients’ medical data with improved cybersecurity measures

Improvement of Security Posture
 

Implementation of SMS/WhatsApp MFA

Starting from the 7th of April 2023, OTPs will be sent to your mobile device instead of your email account.

 

Why is SMS/WhatsApp MFA being implemented?

SMS/WhatsApp-based multi-factor authentication (MFA) is considered more secure than email-based MFA for several reasons:

  1. SMS/WhatsApp is more difficult to intercept: SMS/WhatsApp messages are transmitted over a secure network that is separate from the internet, making it more difficult for hackers to intercept the messages. On the other hand, email can be more easily intercepted, especially if the email account is not secured with strong passwords and two-factor authentication.
  2. SMS/WhatsApp is less susceptible to phishing attacks: Phishing attacks are a common method used by hackers to steal personal information, including login credentials and MFA codes sent via email. SMS/WhatsApp messages, however, are less susceptible to phishing attacks because the message is sent directly to the user's device and is not accessible via email.
  3. SMS/WhatsApp provides real-time notification: SMS/WhatsApp messages are delivered to the user's device in real time, allowing the user to quickly respond and complete the MFA process. Emails, on the other hand, can be delayed or sent to the user's spam folder, making it more difficult to complete the MFA process in a timely manner.
 

How to set up SMS/WhatsApp MFA?

  1. First login after implementation: both new users and existing users will be prompted to verify their mobile number.
  2. On clicking “Send Code”, users will receive an OTP. Testing shows that the SMS/WhatsApp message is typically delivered in <5 seconds.
  3. On inputting the 6-digit OTP, the “Confirm” button becomes clickable. If the OTP code is correct, users are able to resume use of the system as per normal.
 
ℹ️
> Mobile numbers must be unique (i.e., every individual user of the Doctor Platform should have their own unique mobile number, and they cannot re-use a mobile number already in use by another doctor).
> Sub-accounts will have the ability to log in to their own accounts.
 

Can users change their registered mobile number?

This can be done through the Settings page. To use a new mobile number for OTP, users must complete OTP verification once more for the new number they’re registering.

 

Can we link multiple mobile numbers to receive the OTP?

Yes, you can link multiple mobile numbers by setting up a sub-account on the Settings page for every mobile number that you wish to link for OTP.

 

Watch our tutorial video below on how to set up a sub-account in the BioMark Platform.

 
 

Frequently Asked Questions (FAQ)

 

Q: What happens if I don't receive an OTP?

A: If you don't receive an OTP after clicking "Send Code," please ensure the mobile number you entered is correct. Alternatively, you can request a WhatsApp OTP if the SMS OTP does not arrive. If the problem persists, please contact our support team for assistance.

Q: What happens if I enter the wrong OTP?

A: If you enter the wrong OTP, you will be prompted to enter the correct code. If you enter the wrong code multiple times, your account may be temporarily locked for security reasons. Please contact our support team for assistance if this happens.

Q: Can I still use email-based MFA?

A: No, starting from the 7th of April 2023, OTP will only be sent to your registered mobile number. Email-based MFA will no longer be supported.

Q: Can I link multiple mobile numbers to my account?

A: Yes, you can link multiple mobile numbers to your account by setting up sub-accounts on the Settings page. Please refer to our Sub-account article for more information.

Q: Can I change my registered mobile number?

A: Yes, you can change your registered mobile number by updating it on the Settings page. However, you will need to complete OTP verification again for the new mobile number before you can use it to receive OTPs.

Q: My clinic doesn’t have a mobile phone number. How can I get the OTP?

A: You can create a sub-account for every user who accesses the platform. Each sub-account has its own login and can link a mobile number for the SMS/WhatsApp OTP. This lets everyone access the platform without having to check a single email inbox and work out which OTP is which.

Q: How long does a login last if I log in to the platform and don't log out?

A: Your account will remain logged in for 24 hours before being automatically logged out. During this period, you can use all the features available on our platform without having to repeatedly enter your login credentials. This is especially useful for users who need to access our platform frequently throughout the day.

Q: I have more than one BioMark account to manage. Can I use the same phone number to register and receive the SMS/WhatsApp OTP?

A: Yes, with SMS/WhatsApp OTP, you can register your number for up to 5 accounts.