Two-factor authentication significantly enhances the security of your Pabau account by requiring an additional verification step beyond just entering your login credentials. This added layer of security helps protect your account from potential attackers, even if they have obtained access to your email address or password.
Why Two-Factor Authentication is Mandatory in Pabau
Clinics and aesthetic practices handle some of the most sensitive data imaginable — personal health records, treatment histories, financial information, and private client details. Protecting that data is not just good practice, it is a legal and ethical obligation.
That is why Two-Factor Authentication (2FA) is mandatory for all Pabau accounts and cannot be disabled. Here is why this matters:
-
🔒 Your client data is highly sensitive Medical and aesthetic records are among the most valuable targets for data breaches. A compromised account could expose confidential client information, putting your clients and your business at serious risk.
-
⚠️ Passwords alone are not enough Even strong passwords can be stolen through phishing attacks, data breaches on other platforms, or simple human error. 2FA ensures that even if a password is compromised, an attacker still cannot access your account without the second verification step.
-
📋 Compliance with data protection regulations Healthcare and aesthetic businesses are subject to strict data protection laws such as GDPR. Enforcing 2FA across all accounts helps Pabau users maintain compliance and demonstrate that appropriate security measures are in place to protect personal data.
-
🏥 Protecting your business reputation A data breach can cause lasting damage to a clinic's reputation and client trust. Mandatory 2FA is one of the most effective ways to significantly reduce the risk of unauthorised access.
-
👥 Securing your entire team 2FA is enforced at the business level, meaning every team member who accesses your Pabau account is protected — not just admins. This ensures there are no weak points in your security, regardless of who is logging in.
Because of these reasons, 2FA is enforced across all Pabau accounts and cannot be turned off. You can, however, configure how verification codes are delivered to your team — either via SMS or Email — to suit your workflow.
The Login Process with Two-Factor Authentication:
Initiating Login:
When you or your team members attempt to log in to your Pabau accounts, you will first provide your standard login credentials (username and password) as usual.
Verification Code Request:
Upon providing the correct login credentials, you will be prompted to provide a verification code.
Receiving the Verification Code:
The verification code will be sent to the mobile phone number associated with your user profile within the Team feature of Pabau.
Inputting the Verification Code:
To complete the login process, you must input the verification code received on your mobile phone. This code acts as the second factor of authentication.
Successful Login:
Once the correct verification code is entered, access to your Pabau account is granted.
To enable 2FA, please follow the steps below:
Step 1: Navigate to Business Details
Click on "Setup" in the left sidebar menu and under "Business," select "Business Details."
Step 2: Access Security Settings
Click on the "Security" tab on the left side of the screen.
Step 3: Enable Two-Factor Authentication
Under "Security Tools," locate the "Force 2FA" option. Click on the "Disabled" button next to "Force 2FA."
In the prompt that appears, select "Enable" to activate two-factor authentication for your account.
NOTE: The 2FA feature in Pabau utilizes Pabau credits for generating verification codes. To ensure uninterrupted access, it's advisable to enable auto top-up of credits.
Choose Your 2FA Delivery Method (Email or SMS)
Once you have enabled Two-Factor Authentication (2FA) for your Pabau account as described above, you can view the option to choose how you receive your verification code at login.
This choice lets you select the primary delivery method that best suits your workflow and security preferences.
You’ll see a dropdown labeled “2FA Delivery priority” with two options:
-
SMS (Text Message) — Receive a one-time verification code sent to the mobile number associated with your account.
-
Email — Receive a verification code sent to your registered email address.
Click on the dropdown and select your preferred method (SMS or Email).
Ensure to click the 'Save Changes' button at the top right corner of the screen to finalize.
Sign in Another Way
When logging into your Pabau account, start by entering your email address and password as usual.
If two-factor authentication (2FA) has not been set up, you’ll then see the option Sign in another way on the next screen.
Clicking Sign in another way lets you continue logging in using an alternative sign-in method, without completing a 2FA step.
Key things to note
-
The Sign in another way option appears after you enter your email and password.
-
It is available only when 2FA is not enabled on your account.
-
Once 2FA is enabled, this option will no longer be shown and verification will always be required.
When you click Sign in another way, you’ll be given the option to send the verification code to your email instead.
Select this option, and a one-time code will be sent to your registered email address. Enter the code to complete signing in to your Pabau account.
For more guides, refer to related articles below, select additional guides, or use the search bar at the top of the page. These guides will help you get the most out of your Pabau account.
Additionally, to help you fully utilize and understand your Pabau account, we recommend exploring additional guides and resources offered at the Pabau Academy. It offers in-depth video tutorials and lessons, offering a holistic learning experience that can equip you with the essential skills for achieving success with Pabau.