Two-factor authentication

Keep client data and payment credentials secure with 2FA.

header-x
Two-factor authentication

Your Xircuit account holds client health data, progress notes and payment information. Two-factor authentication ensures that even if your password is ever exposed, only you can log in — keeping every client's trust intact.

Request a demo

One extra step that keeps your accounts safe.

  • Client health data and progress notes are protected against credential-based access.
  • Payment credential security means billing data cannot be accessed with a password alone.
  • Quick TOTP set-up takes under two minutes and requires no technical expertise.

Xircuit's two-factor authentication uses time-based one-time passwords (TOTP) from any authenticator app — Google Authenticator, Microsoft Authenticator or Authy. Every account stays protected against credential-stuffing attacks even if a password is ever compromised.

TOTP authenticator support

Works with Google Authenticator, Microsoft Authenticator, Authy and any standard TOTP app — no proprietary hardware required.

Credential-stuffing protection

Even if a password is exposed in a third-party breach, 2FA blocks unauthorised access to Xircuit accounts.

Self-service enrolment

Users set up 2FA from their own profile page in under two minutes — no admin intervention required.

Admin enforcement option

Org admins can require 2FA for all staff logins, ensuring consistent security across the whole team.

No SMS dependency

TOTP codes are generated locally on the user's device — no SIM-swap risk and no reliance on phone signal.

Two-factor authentication

Personal trainers who enable 2FA on their Xircuit account add a meaningful layer of protection with minimal friction — commonly reporting that the added security gives both them and their clients greater confidence in how data is handled.

Frequently Asked Questions

Which authenticator apps does Xircuit support?

Xircuit supports any standard TOTP authenticator app, including Google Authenticator, Microsoft Authenticator and Authy. You scan a QR code once during set-up and the app generates codes automatically.

Can I require 2FA for all staff and admin logins?

Yes. Org admins can enforce 2FA for all staff roles from the organisation security settings. Users without 2FA set up will be prompted to enrol before accessing their account.

What happens if a user loses access to their authenticator app?

Users receive recovery codes when they set up 2FA. An org admin can also disable 2FA for a specific account via the admin panel so the user can re-enrol.

Related features

Ready to see Xircuit in action?

Request a demo Get the app