Insta HMS has come up with a new feature called Multi-factor Authentication on it’s Hospital Management System. Previously, Insta HMS used an SSL method of secondary authentication which had a series of drawbacks making it hard for our users to authenticate themselves efficiently. This method was also unreliable as the process required self-signed Digital Certification and didn't require any authentication issued by the certified authority. Moreover, it also had some technical downsides. To overcome all these challenges and to make a user-friendly and ease-to-use Management System, Insta HMS came with its own Multi-factor Authentication (MFA).
What is MFA and why is it important?
MFA is an authentication method which is a core component of the Identity and Access Management (IAM) policy. It requires the user to provide two or more verifications to authenticate themselves and gain access to the resources provided. It not only depends on the username and password, but also on some additional factors to authenticate the user’s identity. This helps to improve the security accessibility of the Management System and to keep the user’s actions private.
The username and password are vulnerable to brute force attacks and it can be stolen by any third party entity. Keeping the additional authentications with the help of MFA methods, it helps users to build high confidence in the organization to keep them safe from any unauthorized user access.
Where to find MFA in Insta HMS?
The newly updated version has introduced a page in the Management System called “Security Preferences”, which has all the previously available password settings along with some additional security settings that have been added to implement the MFA method. This provides users with a higher level of security and flexibility. Users can now manage their security settings with ease.
“My Accounts” page has been introduced for the users to manage their accounts as well as all their 2 factor authentication login methods. It also allows the user to update their profile and manage their passwords credentials whenever necessary.
What is the MFA in Insta HMS?
The Multi-factor Authentication in Insta HMS is of various factors. Each factor is described below:
Two Factor Authentication method made available in the HMS uses online Authentication Applications like Google Authenticator, Microsoft Authentication, or RSA. You can use any one of the options for the MFA method (Make sure you first establish yourself with the App by scanning the QR code). This method will require the user to authenticate himself using the App for every login establishing the second-factor authentication.
Offline Tokens are static codes that can be used only once. It is always recommended that you print these codes and keep them safe. There will be 10 codes dynamically generated and you can also regenerate these codes from the Offline Tokens page.
OTP over SMS is a One Time Password generation method over SMS to authenticate the user. This feature is currently unavailable but will be made available soon.
OTP over Email is a One Time Password generation method over Email to authenticate the user’s identity.
IP Whitelisting for 2 FA allows the I.T. Administrators to provide access to IP addresses based on defined login authentication rules. Any defined rules can be modified or deleted by the Administrators.
Other features for MFA
Some additional features are also introduced to help users in Migration and during the Account Recovery Phase. On Migration, the 2 FA login credentials are not applied and the administrator will need to manually configure this feature. Also, the digital certificate issued by Insta will no longer be valid.
Due to loss/damage of devices, mobile number/email address for login, etc., administrators can recover the user account with one time login offline code using the Account Recovery feature. This code can be later shared with the user.
Insta HMS’s new feature, Multi-Factor Authentication not only helps to improve the security accessibility of the Management System but also to help users to build high confidence in your organization to keep them safe from any unauthorized user access and maintain confidentiality.