Darren Powell’s Multi-Factor Authentication (MFA) journey as a pharmacist for Weldricks
Darren, a pharmacist who has worked in community pharmacy for over 25 years, is employed by Weldricks and works across several of their pharmacies alongside his role as a clinical lead for NHS England.
Weldricks has over 60 pharmacies across Yorkshire and Lincolnshire, which range from co-location with GP surgeries to pharmacies on the high street in town centres.
“Ever since community pharmacy, and the pharmacy team members were granted access to NHSmail, I saw the benefit of a secure and, more importantly, recognised email address. It made community pharmacy a more integrated part of the wider NHS estate.”
Darren uses NHSmail to exchange patient-sensitive information with GPs as well as other healthcare professionals and to keep up to date with information from Integrated Care Boards (ICBs). Keeping information confidential and safe is imperative, and MFA adds that extra layer of security.
What is Multi-Factor Authentication (MFA)?
Normally you use your email address and password to log into your NHSmail account. MFA is an additional way of checking that it is really you when you log in to your account.
In addition to your email address and password, you will need to set up a second form of authentication, such as an authentication app on your mobile phone, text message or phone call. This second layer of security is designed to prevent anyone but you from accessing your account, even if they know your password.
Why is MFA so important in your role?
“I wouldn’t use online banking without MFA protecting me, it’s become the norm now to insert security codes to verify transactions and NHSmail is a similar concept.”
“I can imagine NHSmail accounts are an ideal base for phishing campaigns for these individuals. I regard NHSmail as an important tool in my clinical practice, and I appreciate that I need to protect and maintain my account for mine and my patients’ benefit.”
How did you get started with MFA? What did you do?
“As soon as I heard we could apply MFA to our accounts I was keen to get started.
I am fully aware that it will soon become mandatory so why not get ahead of the game and make my NHSmail account safe now!
I used the NHSmail Support site and followed the guidance, it’s clear and concise and easy to follow.”
What method for MFA did you choose?
Darren chose the Microsoft Authenticator App.
“As this was the app I had installed already on my mobile for other secure logins and authentication in my day-to-day activities. I used the portal to switch on MFA, and then enrolled the App following the advice on the portal.”
“It took 10 minutes max to switch on and download the Authenticator App to my NHSmail account.
I simply log in to my account and I am prompted to respond to the App on my mobile.
I use my personal mobile for this, but I do have the App also on my work mobile, and I am permitted to use both when in pharmacy.”
How often are you prompted for MFA?
“I am prompted for MFA when I log in.
At first you might think this is intrusive and a burden, but it is literally seconds to confirm the prompt on my mobile device, and then I’m logged in. I think in the current climate of constant cybersecurity threats, it really is a small price to pay for a secure and well-respected email service. I mean I wouldn’t want to do online banking without MFA being a part of that process.”
You will need to re-authenticate on each device and each browser you log into. For desktop and mobile apps, you will be prompted to authenticate once, and then you will only be prompted again once a key account detail has changed, e.g. you have reset your password.
Do you use Outlook or Web version to access NHSmail services?
“When I’m in branch I tend to use Outlook Web to access my NHSmail service – this is because I’m at differing pharmacies during my employment – so don’t have a permanent computer to use. But from home I will use the Outlook app. Both are easy to set up and use.”
How will MFA work with my smartcard?
If you use a smartcard in your daily role, you will need to have one of the three core MFA methods set up first:
- Authentication App: Download the Microsoft Authenticator app to your smartphone to verify your sign in or to get a verification code.
- Text message: A text message (SMS) is sent to the mobile phone number registered containing a verification code.
- Call: An automated voice call is made to the mobile phone number registered prompting the user to press # on their keypad.
NHSmail users can register their NHSmail accounts with a smartcard; however, this is not a core option.
Further information: NHSmail & NHS Care Identity Services (Smartcard)
Additional Information