What is two-factor authentication (2FA)?
2FA is a multi-factor authentication technique, also called two-step authentication. It requires two different steps to log in to Health Mate, meaning users have to enter a code received by SMS, in addition to their password, as an added layer of protection.
Unlike passwords, which can be used over and over again, 2FA codes are for one-time use, and a unique one is sent each time you attempt to log in to your account.
How does 2FA work?
The effectiveness of 2FA is based on the idea that access to your account should be based on two things: something you know and something you have.
Most of the time, the something you know will be your password. Having a strong, unique password is your first line of defense. But even the best passwords cannot protect your account if they fall into the wrong hands. In other cases, it could also be the shortcode you receive via email, instead of using a password, when logging in to your account.
Withings offers the ability to add a phone number to use with 2FA. This is the something you have. Even if someone has your password, they won’t be able to access your account unless they also have your mobile device.
Please note that if you change your phone number, you’ll need to update it in your account settings in the Health Mate app so that you continue to receive the codes via SMS.
Why should you use 2FA?
2FA is a strong security measure to protect your account from being compromised, keeping your information safe. Using 2FA for your account is one of the most important things you can do to keep your data secure, as it becomes much more difficult for information to get into the wrong hands.
My password is already secure and unique. Why do I need to add 2FA?
It may be an extra step when logging in, but it's the extra mile for securing your account - especially when it comes to protecting confidential health data. Without 2FA, if someone were able to obtain your password or access your inbox, they may also be able to gain access to your information. With 2FA, this becomes much harder, as only you have both your phone and your password, the two factors required to log in.
I don't have a mobile phone. Can I use 2FA?
At present, Withings offers 2FA only via a code received by SMS. Therefore, you need to be able to receive this SMS to enable the 2FA feature.
I created my account before 2FA was available. Can I still enable it?
Yes! You simply need to go to your account settings (Health Mate > Profile > ⚙️ (top right-hand corner of your screen) > Two-factor authentication > SMS) and enable it. Please note that you need a valid phone number to do so.
Note: 2FA is not available for the other Withings apps (Thermo, WithBaby, Withings Home Security Camera, WiScale). You will have to disable 2FA in order to access your account from those apps.
What happens if I lose access to my phone?
You must use the recovery code that was provided when you enabled 2FA. The recovery code will allow you to log in securely and you will be asked to set up a new phone number for your 2FA. You can also access the code at a later time from within the Health Mate app: Profile > ⚙️ (top right-hand corner) > Account & Security > Two-Factor Authentication > Account Recovery and tap Recovery Code.
Why do I receive a recovery code when setting up my 2FA?
The recovery code is your rescue net if you lose access to your phone and you are not able to receive the security code via SMS. The recovery code will allow you to log in securely and you will be asked to set up a new phone number for your 2FA.
Can I remove 2FA once it has been enabled?
Yes. You can remove 2FA in your account settings (Health Mate > Profile > ⚙️ (top right-hand corner of your screen) > Two-factor authentication), but we strongly recommend keeping your account secured with 2FA at all times. Note that for security purposes you can only remove 2FA if you are securely logged in using 2FA.
Can I update 2FA once it has been enabled?
Yes. You can update 2FA in your account settings. Note that for security purposes you can only update 2FA if you are securely logged in using 2FA.
Will my phone number be used for marketing purposes or anything other than 2FA?