Questions about legal matters – Two-Factor Authentication

In support, we often receive questions about legal matters regarding our appointment booking services. We take our data security very seriously and have developed thorough and secure processes for handling legal issues. In order to make it a little bit easier to navigate around, we have attempted to gather all information necessary in one blog post. You can expect to learn more about EasyPractices Two-Factor Authentication (2FA), and what to do in case you have lost your 2FA access. You will also find information about transferring account ownership and how to request a booking IP address.

What is EasyPractice’s Two-Factor Authentication?

We have developed an app in our scheduling software that enhances the security of handling customer data, which is called “Two-Factor Authentication” (2FA). With 2FA you can add an additional layer of security when logging into your EasyPractice user account. This could be especially beneficial for practitioners who handle sensitive data. It is easy to activate 2FA access, and is done through 4 steps:

• Activate the app in EasyPractice 
• Download Google Authenticator
• Scan the QR code that you receive from EasyPractice with your Google Authenticator app
• Insert the 6-digit code that you receive 

Once you have gone through the steps and activated the 2FA-app, you will need to use Google Authenticator every time you log into your EasyPractice account, in addition to your login information. 
Are you interested in learning more about EasyPractice and GDPR? You will find more information here.

What do I do if I have lost my 2FA access?

Some of the emails that we receive in our support comes from customers who have lost their 2FA access. This could for instance be because they have lost their phone, deleted the app, removed the connection from the app or something completely different. If you have lost your 2FA access somehow, you won’t be able to access your EasyPractice account. However, this could easily be solved. But we do take our precautions. 

If this happens to you, please send an email to our support team. In order to make sure that we give access to the right person, we need to verify the user. To do that, we would need at least 3 pieces of information: 

1. Photo of your face while holding the ID/Passport. The photo must be clearly visible and readable. 
2. A photo/PDF of your latest utility bill, such as phone bill, electricity, gas or something else. The most important thing is that your name is stated on the bill. 
3. The last 4 digits of the credit card used to pay for their EasyPractice subscription. 

Once we have received this information and have been able to verify the user, we will deactivate your 2FA on your account and you will be able to login. Once logged in, you can always reactivate the 2FA access.

This process is established to ensure correct handling of sensitive data.

How do I transfer account ownership without compromising data security?

Transferring ownership of your account can be done directly in the system. It is intuitive, and is done through 2 steps: 

1. Clean up your system 

Before transferring the ownership it is crucial that you “clean up” all the information that you have saved in your EasyPractice system. With this, we mean deleting all necessary data that potentially could lead to a violation of GDPR if not removed. Example of this could be: 

• Saved clients
• Journals
• Invoices

You should also remove other data that won’t be necessary for the new owner of the account to keep. For instance, you could delete saved services, online courses, statistics and more. Whatever you feel is necessary.

2. Change login-information

Once you have cleaned up the system, it is time to change the login information. This is done under “Settings” → “Security”. Here you can change the email address and password. Once this is changed, the transfer of the ownership is officially done. The new owner of the account will now be able to log in with chosen email address and password. Under the same page, you are also able to change the name of your practice, address, VAT-number and more. 

Requesting booking IP addresses

There are some cases where practitioners need to know the IP address which has registered for an appointment or purchased something (e.g., an online course). We take our data security very seriously. Therefore, we have formulated a set of requirements before giving out an IP address to one of our customers. If you wish to request an IP address of an user who recently booked an appointment or purchased something you need to send us an email including the following information: 

• the client name/ID 
• the date & time of the booking/purchase
• the reason why they need this IP address. 

We will then contact the Danish data protection authorities about this specific case and in collaboration with authorities reach a decision. If permission is granted we will send you the IP address.

In our Help Centre we have a lot of other useful and interesting guides.

If you have any questions or comments, please get in touch at [email protected] and we’ll get right back to you! ? If you wish to try out our booking system free of charge to see if it works for you!