2FA (two-factor authentication, also called 2-step verification) is a way to protect your online accounts. When you log in to an online service using only a username and password, anyone who knows or guesses your password can log in to the service, impersonating you. With 2FA, besides providing your username and password when logging in, you also have to use a physical device, such as your phone or a smart card, to verify your identity. Normally you don’t have to use your phone or smart card every single time you log in, but at the very least the first time you log in on a new computer or other device.
GDPR, the EU data protection regulation, doesn’t explicitly require the use of 2FA when processing personal data, but “appropriate measures” should be taken to secure sensitive information. A common interpretation of the regulation is that a username and password alone are not enough when handling sensitive personal information. 2FA is one step to reduce the risk of data leaks, which under GDPR could result in significant financial penalties.
MediCase eCRF has support for 2FA. If you have a MediCase account we encourage you to activate “2-Step Verification” to protect the integrity of yourself and the study subjects. If you conduct a study, you can configure the study to require 2FA for all users accessing your study.