Setting up two-factor authentication
Two-factor authentication (2FA) adds a second step when signing in, which greatly reduces the risk of unauthorised access to your practice data, client files, and integration tokens. Portal 360 supports authenticator apps and aligns with enterprise security expectations including ISO27001-aligned controls.
Enable 2FA
Go to Settings → Security → Two-factor authentication. Scan the QR code with your authenticator app (Microsoft Authenticator, Google Authenticator, or similar), enter the verification code, and save your backup codes in a secure password manager or offline store. Require 2FA for all admins and users who access billing or integrations.
Firm-wide policy
- Admins can encourage or require 2FA before users access sensitive CRM fields
- Backup codes are single-use — generate a fresh set after using several
- Do not share authenticator devices or backup codes over email or chat
- Pair 2FA with strong, unique passwords for every team member
If you lose your device
Use a backup code to sign in, then reset 2FA immediately and register a new device. If you cannot access backup codes, contact support from your registered firm email (mention 2FA or login in the subject line) for identity verification. Never disable 2FA permanently unless you are replacing it the same session.