WinVoicePro Mobile 2FA is a security extension to the WinVoicePro Mobile application that enables users to read, amend and verify clinical letters quickly and easily using a mobile device across any operating system.
2FA (Two-Factor Authentication) is a way to authenticate users using two of the three valid authentication factors: something the user knows (a password or a PIN), something the user has (smart card, mobile phone or an ATM card) and something the user is (biometric data, including fingerprints or retina data).
With WinVoicePro Mobile 2FA we use something the user knows (a user ID and password) and something the user has (a smartphone).
Who is it for?
WinVoicePro Mobile 2FA is designed for any NHS site currently using the fully featured desktop WinVoicePro that wishes their users to be as productive on mobile platforms out-with the organisation’s network. Many authors do not have regular access to a desktop computer to read and verify their WinVoicePro documents. With WinVoicePro Mobile 2FA, users can access their documents on any modern mobile device* as long as they have internet access and are in possession of their smartphone.
*mobile device with full internet browser capability: smartphone, tablet computer, laptop, etc.
The two factor authentication system requires three login credentials every time an author wishes to log in to the mobile application: their user ID, their password, and a 6 digit authenticator token. The 6 digit authenticator token is provided through the use of a special mobile application and without it, login will always be refused. New mobile users are required to register for the mobile application via a WinVoicePro registration webpage and must be existing WinVoicePro users.
New users will be presented with, during the registration process, a coded number, secret key or QR code to enter or scan which pairs with the mobile application on their personal device to create a one-to-one relationship. After registration, users will be able to login to WinVoicePro Mobile using their regular login details and their authenticator token via their smartphone application.
The authenticator token is a unique number that is regenerated every 30 seconds on the smartphone and will only be valid for that time. This 30 second time-out provides the authenticator token with a higher level of security. The token is randomly generated and cannot be copied or hacked without the original secret key which is generated at the point of registration.
The authenticator application is provided by Google and is available on Android, Blackberry OS (4.5-7.0) and iOS and implements the algorithms defined in RFC 4226 and RFC 6238.
Organisations require an installation of WinVoicePro Mobile before they can introduce WinVoicePro Mobile 2FA.