Two-factor authentication
Patient records are among the most sensitive data a practice holds. Xircuit's two-factor authentication supports your GDPR obligations by ensuring that access to patient information requires more than a password alone — for staff, practitioners and admins alike.
Request a demoXircuit's two-factor authentication uses time-based one-time passwords (TOTP) from any authenticator app — Google Authenticator, Microsoft Authenticator or Authy. Every account stays protected against credential-stuffing attacks even if a password is ever compromised.
Works with Google Authenticator, Microsoft Authenticator, Authy and any standard TOTP app — no proprietary hardware required.
Even if a password is exposed in a third-party breach, 2FA blocks unauthorised access to Xircuit accounts.
Users set up 2FA from their own profile page in under two minutes — no admin intervention required.
Org admins can require 2FA for all staff logins, ensuring consistent security across the whole team.
TOTP codes are generated locally on the user's device — no SIM-swap risk and no reliance on phone signal.
Health practices that enforce 2FA across all staff roles typically document it as part of their GDPR technical safeguards — and often find it is one of the most straightforward measures to implement with the highest impact on overall access security.
Xircuit supports any standard TOTP authenticator app, including Google Authenticator, Microsoft Authenticator and Authy. You scan a QR code once during set-up and the app generates codes automatically.
Yes. Org admins can enforce 2FA for all staff roles from the organisation security settings. Users without 2FA set up will be prompted to enrol before accessing their account.
Users receive recovery codes when they set up 2FA. An org admin can also disable 2FA for a specific account via the admin panel so the user can re-enrol.