Two Factor Authentication (2FA/TFA)

About the Feature

Bahmni uses basic authentication (username, password) from OpenMRS so far. However, it is optimal to have additional security mechanisms to protect users from fraudulent acts. Hence 2FA was introduced in Bahmni. This feature is optional for an implementation. When this feature is enabled then the user will be authenticated with username and password first and on success, the user will get an SMS with an OTP to his/her registered mobile. The user has to authenticate with the OTP before proceeding to use the system.

Where is it Used?

Every user who logs in to the system with 2FA enabled in the facility.

Benefits

1. This feature helps prevent fraudulent access by adding another layer of user authentication to the application (ensuring the person credentials and mobile phone are available during login).
   
2. This feature discourages users in the hospital from sharing their credentials with another user, since the other person will also need the OTP / Mobile phone of the user to login. This will also discourage people from pasting passwords on computer screens/desks, since that alone doesn't enable login.
3. Even though TFA (using Google Auth, etc) is considered more secure than SMS based OTP, given that places (Low-Middle income countries) where Bahmni is used in areas where feature phones (non-smart phones) are used extensively – OTP SMS is a more feasible and realistic option than GA based TFA.