What You Need to Know about Multifactor Authentication
Just as we care for your health and well-being at Mayo Clinic, we also care about the online safety of your personal health information. To continue to protect this information, Mayo Clinic is moving to multifactor authentication (MFA) within our Mayo Clinic Patient Portal.
Multifactor authentication is an extra layer of protection to help keep your health information private, secure, and in your control. To learn more about multifactor authentication and why Mayo Clinic is adding this extra security, please read the FAQs below:
About Multifactor Authentication
Multifactor authentication (MFA) is an extra layer of security added to your Mayo Clinic Patient Portal. When you log in to your account, multifactor authentication means you’ll confirm your identity in multiple ways — usually with your password and a secondary code sent to your phone.
Your patient portal account contains very sensitive information — items like your medical history, prescriptions, lab results, and personal details. Without MFA, someone could try to get into your account by guessing or stealing your password. If successful, that person could see all of your personal health information. With MFA, even if someone knew your password, they could not get into your account without receiving a 6-digit code sent to you as a text or a prompt to press a specific key through a phone call. MFA is like needing both a key and a PIN/code to open a safe.
Multifactor authentication protects your health information and is a best practice in meeting high-level security standards. MFA blocks more than 99% of credential-based attacks. It is one of the strongest protections Mayo Clinic can provide to help keep your personal health information private, secure, and in your control.
MFA protects your personal data by:
- Keeping your health information private. It prevents identity theft and protects sensitive data.
- Stopping cybercriminals. Even if your password is somehow leaked, MFA makes it nearly impossible for hackers to access your account.
Timeline and Setup
Beginning March 31, multifactor authentication will be required for all Mayo Clinic Patient Portal users. If you previously opted out of multifactor authentication, you will be required to set up MFA before signing in after this date.
If you have not set up MFA by March 31, or you have declined it in the past, you will not be able to log in to your portal account until you have set up the verification process. After March 31, the system will prompt you to set up MFA.
- Simply log in to the Mayo Clinic Patient Portal.
- Go to “Account,” then click “Account settings.”
- Select “Multifactor authentication.”
- Choose a preferred method — verification by text message or a phone call.
- Enter the code (sent via text message) or respond to the prompt (via the phone call) that you receive to confirm your device.
After you log in using MFA, you will automatically have access to your patient portal account for 7 consecutive days. During that time, you will not need to use MFA, as long as you use the same device (mobile or web browser) and same login method (password).
The automatic “Remember This Device” option maintains security but allows for quicker access to your portal account for several days in a row. (You must still use your password to log in to your account.)
Multifactor authentication adds one step, but it is easy and helps keep your health information safe. MFA may take a few extra seconds at login, but it can make a lasting difference in protecting you from identity theft and unauthorized access to your personal health data.
Biometrics vs. Multifactor Authentication
Biometrics is another secure form of identity verification that includes a face ID or fingerprint login (only used for mobile devices). You may select it in your account settings. Some log-in situations may still prompt an MFA check for security.
If you use biometrics to sign in to the Mayo Clinic mobile app:
- You may continue using biometrics for up to 90 days without being prompted for MFA.
- After 90 days, when you log in again, the system will request MFA. After that, you can continue using biometrics as your primary method for secure sign-on.
Biometrics is only available for the Mayo Clinic mobile app. If you access the Mayo Clinic Patient Portal through a browser on a computer or mobile device, biometrics will not be available.
Some patients use smartphones and prefer biometrics when accessing the Mayo Clinic Patient Portal. Other users access their Patient Portal accounts from a desktop computer or from a mobile device that doesn’t support face ID or fingerprint scanning. Offering both options protects the security of your portal account no matter how you connect.
Device Options
If you do not use a smartphone, you can still use MFA by receiving a phone call on your landline. The system will prompt you to press a specific key as the second method of verification.
You may also contact Mayo Clinic Customer Assistance at 507-738-4013, Monday through Friday, 7 a.m. to 6 p.m. Central Time. Identity-verification steps will still apply.
It is best to avoid accessing your private information on public or shared devices. If you must:
- Always log out fully.
- The system will still require your password before allowing access the next time someone attempts to access your account.
You may need to reset your MFA method within your portal account. If you cannot update your settings, call Mayo Clinic Customer Assistance at 507-738-4013, Monday through Friday, 7 a.m. to 6 p.m. Central Time.
Through our security systems, international carriers will not be blocked on mobile devices. You should have no delays in receiving the secondary verification code if you use MFA.
Your Healthcare and Caregiver/Authorized User/Proxy Access
Yes. You can still receive care and obtain information by phone. Identity-verification steps will still apply. Call Mayo Clinic Customer Assistance at 507-738-4013, Monday through Friday, 7 a.m. to 6 p.m. Central Time.
“Proxy access” allows someone else (such as a parent, a spouse, an adult child, or a caregiver) to have access to your portal account. Those with proxy access may view your health information (sometimes full access, sometimes limited).
If authorized users have caregiver access, they will first log in to their own Mayo Clinic Patient Portal account, follow the prompts (which may include setting up MFA), and then they can also view most of your healthcare information from within that same account, depending on the permissions given to them.
Additional Help
Do this:
- Select “Resend code.”
- Make sure your phone number is correct in your portal profile.
- Check for potentially low cellular service in your area.
If you still have trouble, contact Mayo Clinic Customer Assistance at 507-738-4013, Monday through Friday, 7 a.m. to 6 p.m. Central Time.
Call Mayo Clinic Customer Assistance at 507-738-4013, Monday through Friday, 7 a.m. to 6 p.m. Central Time.