Paubox has introduced additional multi-factor authentication (MFA) methods. You can now choose different ways to verify your identity at sign-in. Even if someone learns your password, they still can't get into your account without that second factor.
We added this based on customer feedback. People sign in from different devices in different situations, and one verification method doesn't fit every case. Now you can add several and use whichever makes sense at the moment.
MFA methods
Here are the methods you can set up:
- Passkey: Sign in with your device's fingerprint, face, or screen lock, or with a hardware security key. It's the fastest and most secure option. Nothing to type, nothing to copy
- Authenticator app: A 6-digit code that refreshes every 30 seconds in an app like Google Authenticator, Microsoft Authenticator, Authy, or 1Password
- Text message: A one-time code sent via SMS text message
- Email: A one-time code sent to your account's email address
- Recovery codes: One-time backup codes you save somewhere safe, so a lost phone or device never locks you out
How to set up MFA
You manage everything from Profile → Security. Add a method, give it a name like "Work laptop" so you can tell your methods apart, see when each was last used, and remove the ones you no longer need.
MFA guardrails
Two guardrails keep you from locking yourself out: You can't remove your last remaining method, and email always stays available as a fallback.
Nothing changes for existing users. If you already used text or email verification, it keeps working exactly as before. You can now simply add more.
Why this matters
Passwords get reused, guessed, and stolen. A second factor means a stolen password isn't enough to get into an account that holds patient data. Giving people more than one method to choose from also makes that second factor easier to use, so stronger security doesn't slow down the work.
Strong account security is part of keeping your HIPAA compliant email protected. Customer feedback is part of the Paubox Foundations, and this update came straight from it.
Read more: FAQs: Multi-factor authentication (MFA)
