Securing Access to HeartLab

Practical security guidance for HeartLab accounts, including passwords and two-step verification.

HeartLab enforces password policies aligned with modern security recommendations to help protect user accounts and sensitive patient information.

Users should follow standard security best practices to reduce the risk of unauthorized access.

Recommended security practices include:

  • Using a memorable but strong password or passphrase
  • Enabling two-step verification (2FA)
  • Using a trusted password manager
  • Avoiding password reuse across systems

What is Two-Step Verification (2FA)?

Two-Step Verification, also known as Two-Factor Authentication (2FA), is an additional security layer used to confirm a user’s identity during sign-in.

A secure system must confirm:

  • Who you are, and
  • That you are authorised to access the system

Authentication factors generally fall into three categories:

Something you know

Examples:

  • Password
  • PIN
  • Passphrase

Something you have

Examples:

  • Authenticator app
  • Mobile device
  • Security key

Something you are

Examples:

  • Fingerprint
  • Face recognition
  • Other biometric authentication

Why 2FA Matters

Using only a username and password leaves accounts vulnerable to common attack methods.

Phishing

Attackers may use fraudulent messages or pages designed to trick users into revealing credentials, such as:

  • Emails
  • SMS messages
  • Fake login pages

Password Reuse and Credential Stuffing

Reusing passwords across multiple systems increases exposure if another service experiences a data breach.

Attackers commonly test compromised credentials across many platforms automatically.

Password Spraying

Weak or commonly used passwords can often be guessed using automated attack techniques.

Strong passwords alone are no longer sufficient protection for sensitive systems containing clinical information.

To improve account security:

  1. Enable 2FA from Settings → My Account → Security.
  2. Use a long, strong, unique password or passphrase.
  3. Avoid reusing passwords across systems.
  4. Use a password manager where possible.
  5. Avoid sharing usernames or passwords.
  6. Contact your local IT or security team if compromise is suspected.

Long, strong, unique passwords or passphrases significantly reduce the likelihood of unauthorized access.

Password Managers

Password managers can help:

  • Generate strong passwords
  • Store credentials securely
  • Reduce password reuse
  • Improve overall account security

Shared and Public Devices

When using shared or public computers:

  • Avoid selecting “Remember this device”
  • Sign out completely after use
  • Avoid storing passwords in the browser

Only enable trusted device settings on secure personal or organisation-managed devices.

Suspected Account Compromise

If you suspect your account has been compromised:

  1. Change your password immediately.
  2. Review and re-enable 2FA if required.
  3. Notify your organisation’s IT or security team.
  4. Contact HeartLab Support if additional assistance is required.

Additional Notes

Organisations using Single Sign-On (SSO) may manage authentication and 2FA policies through their identity provider rather than directly within HeartLab.

Manufacturer: HeartLab Limited 305 / 150 Karangahape Road Auckland 1010 New Zealand

UK Responsible Person: Casus UKRP Ltd 107-111 Fleet Street London EC4A 2AB United Kingdom

Australian Sponsor: Emergo Australia Level 20 Tower II Darling Park 201 Sussex Street Sydney NSW 2000 Australia

MD. Applies to HeartLab v7.2 and above. Effective 0000-00-00. eIFU version 0.0.0. UDI-DI 09421907090023.