Signing in via the website
Here’s what to expect when you sign in to the Manage My Health website.
Signing in to the portal with email verification

Enter your email and password as usual
You'll see a notice that two-step verification is now active on your account.

Check your email for a 6-digit code
Look for an email from Manage My Health. Check your spam folder if you don't see it.

Enter the code on the "Two-step verification" screen
The code is valid for 20 minutes. You can request a new one if needed.

Choose whether to trust this device
Trusting your device skips verification for 90 days. Only do this on devices you own.
Watch: How two-step verification works
This short video shows you what to expect when signing in with email-based two-step verification.
General
What is Two-Step Verification?
Two-step verification (also known as Multi-Factor Authentication or MFA) adds an extra layer of security to your account. In addition to your username and password, you’ll need to enter a one-time verification code to confirm your identity when logging in.
Why is Two-Step Verification now mandatory?
Two-Step Verification is now required for all users to provide consistent protection for sensitive health information.
It helps:
- Protect your personal and medical data
- Prevent unauthorised access
- Improve overall account security
Can I turn off Two-Step Verification?
No. Two-Step Verification (MFA) is now enabled by default in Manage My Health and cannot be turned off.
Why can’t it be disabled?
It cannot be disabled because it helps to:
- Protect your personal health information
- Prevent unauthorised access
- Strengthen overall account security
- Meet modern healthcare security standards
Email Verification
How does Two-Step Verification work on the web portal?
- Enter your username and password, then sign in.
- A verification code is sent to your registered email.
- You will see a “Verify Your Identity” screen.
- Enter the code from your email to complete login.
After your first successful login, you will be directed to your Two-Step Verification settings.
Why is email verification the default method?
Email verification provides:
- Immediate access without extra apps
- A consistent security baseline
- A reliable way to confirm your identity
How long is the email verification code valid for?
The email verification code is valid for 20 minutes.
What this means:
- You must enter the code within 20 minutes of receiving it
- After 20 minutes, the code will expire and you will need to request a new one
- If you have not received the code (usually sent within seconds), you can request a resend after 3 minutes on the Two-Step Verification page
If your code has expired, simply request a new verification code and try again.
What if I can't find my verification email?
Here are some things you can try:
- Search your inbox — Try searching your email for: ManageMyHealth OTP Security Code. The email may be in Spam, Junk, Promotions, Updates or another inbox category.
- Check your Spam or Junk folder — Sometimes verification emails end up there by mistake.
- Check other inbox tabs or categories — If you use Gmail, Outlook or another email provider, the email might be in Promotions, Updates, Social or other tabs.
- Allow more time for delivery — In some cases, emails can take a few minutes to arrive due to email filters, firewalls or network settings.
- Make sure you’re using the right email — If the email address shown isn’t yours, you may be using a different account. Try logging in with a different email.
- Still can’t find it? — You can request a new code by tapping ‘Resend code’ on the verification screen.
What does 'Trust This Device' mean?
When you select “Trust This Device” during login, Manage My Health will remember the device and browser you are using. This means you will not need to enter a verification code every time you sign in from that device.
Only trust devices you own or use regularly. You can remove trusted devices at any time in your account settings.
Troubleshooting
What happens if I enter the wrong verification code?
- You will see an error message.
- You can return to the verification screen and try again.
- Multiple failed attempts may temporarily lock your account.
What should I do if I get a code I did not request?
If you receive a Two-Step Verification code that you did not request, do not enter the code. This may indicate that someone else is trying to access your account. If you are concerned, you can contact Manage My Health Support for assistance: https://managemyhealth.co.nz/support/
Can my account get locked if I enter the incorrect verification code multiple times?
Yes. For security reasons, if multiple incorrect verification codes are entered, your Manage My Health account may be temporarily restricted.
What if my account is locked?
Your account may be temporarily locked after multiple incorrect login or verification attempts.
Please wait until the lock period ends before trying again and ensure you are using the latest verification code sent to your email.
How long is the account locked for?
If multiple incorrect verification codes are entered, your account will be temporarily restricted for security reasons. The restriction lasts for 2 minutes.
After 2 minutes:
- You can try logging in again
- You may request a new verification code if needed
This security measure helps protect your account from unauthorised access attempts.
Set up an authenticator app
Authenticator apps provide stronger security because the verification codes are generated on your device instead of being sent by email. They work offline, are faster and more reliable, and provide industry-standard protection. Popular options include Google Authenticator and Microsoft Authenticator. It is easiest to use both a laptop and your device (phone) to set up an authenticator app.

Enter your email and password as usual
You may need to complete email verification.

Download your preferred authenticator app
Download Google Authenticator or Microsoft Authenticator on your device (if you don't have one), then click Continue.

Enter the code on the "Two-step verification" screen
The code is valid for 20 minutes. You can request a new one if needed.

Add a new account on your authenticator app
Open the authenticator app and tap the ‘+’ button in Google Authenticator or the scan button in Microsoft Authenticator.

Scan the QR code
Open your authenticator app on your device and scan the QR code shown on screen. If you can't scan the code, enter the key manually.

Verify your code
Enter the 6-digit code from your authenticator app to complete setup. The code refreshes every 30 seconds.

Save your recovery codes
Copy or download your recovery codes. You’ll need them if you lose access to your authenticator app. Store them in a safe place.

Sign in using the new code your authenticator app generates
Enter the 6-digit code from your authenticator app. The code refreshes every 30 seconds.
Watch: How to set up an authenticator app
This short video walks you through every step of enabling authenticator-based two-step verification in Manage My Health.
Authenticator App
How do I set up Authenticator App Verification?
- Go to Two-Step Verification
- Click Switch to Authenticator App
- Select your preferred authenticator app
- Scan the QR code displayed on screen using the app
- Enter the 6-digit code generated by the app
- Save your recovery codes securely
- Click Complete Setup
Once completed, Authenticator App Verification will be enabled.
What if I cannot scan the QR code?
If you cannot scan the QR code:
- Click “Can’t scan the QR code?”
- Copy the secret key displayed on screen
- Enter the key manually in your authenticator app
What is the 6-digit verification code?
After scanning the QR code, your authenticator app will generate a 6-digit code.
Enter this code on the setup screen to complete the verification.
The code refreshes automatically every 30 seconds.
What are recovery codes?
Recovery codes are one-time use backup codes that allow you to log in if:
- You lose your phone
- Your device is damaged
- You uninstall the authenticator app
- You cannot access your authenticator app
Which Two-Step Verification method does Manage My Health recommend and why?
What are some common Authenticator Apps?
Manage My Health supports the use of standard Authenticator Apps for Two-Step Verification/MFA.
Some commonly used Authenticator Apps include:
- Microsoft Authenticator: A secure and easy-to-use app available for both Apple and Android devices.
- Google Authenticator: A widely used app that generates secure, time-based verification codes for login authentication.
Patients may use their preferred authenticator app, as long as it supports standard authentication codes.
These apps are free to download from:
- Apple App Store
- Google Play Store
Once installed, you can link the app to your Manage My Health account during the setup process.
Can I use email verification instead of an Authenticator App?
Yes, email verification may be used as a method of Two-Step Verification in Manage My Health.
Email verification provides:
- Consistent protection across all users
- A reliable way to confirm identity
- Immediate access without needing additional apps
However, for enhanced security, an Authenticator App is recommended where possible.
Please ensure your email address is kept up to date to avoid issues receiving codes.
Can I switch back to email verification later?
Yes. You can manage your Two-Step Verification settings at any time through the Two-Step Verification page in the Manage My Health portal.
Troubleshooting
What should I do if the verification code is not working?
Please check:
- Your phone’s date and time are set automatically.
- The correct account is selected in the authenticator app.
- You are entering the current (not expired) code.
If the issue continues, try resynchronising the app or contact Manage My Health Support for assistance: https://managemyhealth.co.nz/support/
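Why the phone's clock matters, shown as an added example (not Manage My Health's code): it assumes the app codes are standard RFC 6238 TOTP with HMAC-SHA-1, and that the server accepts one 30-second step either side of its own time. The secret, timestamps and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # code length, as stated on this page


def totp(secret_b32: str, unix_time: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA-1) for the given Unix time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = int(unix_time) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: float, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps (window size is an assumption)."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + i * STEP), code)
        for i in range(-window, window + 1)
    )


# Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SERVER_NOW = 1111111109  # RFC 6238 test timestamp, used as the server's clock


def demo() -> dict:
    """Map phone clock error (seconds) to whether the server accepts the code."""
    return {
        skew: verify(SAMPLE_SECRET, totp(SAMPLE_SECRET, SERVER_NOW + skew), SERVER_NOW)
        for skew in (0, 20, -25, 300)
    }


if __name__ == "__main__":
    for skew, ok in demo().items():
        print(f"phone clock off by {skew:+4d}s -> {'accepted' if ok else 'rejected'}")
```

A phone that is a few seconds out still lands within the accepted window, while one that is minutes out produces codes the server never expects, which is why setting date and time automatically is the first check.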
What should I do if I get a code I did not request?
If you receive a Two-Step Verification code that you did not request, do not enter the code. This may indicate that someone else is trying to access your account. If you are concerned, you can contact Manage My Health Support for assistance: https://managemyhealth.co.nz/support/
What if my account is locked?
Your account may be temporarily locked after multiple incorrect login or verification attempts.
Please wait until the lock period ends before trying again and ensure you are using the latest verification code sent to your email.
How long is the account locked for?
If multiple incorrect verification codes are entered, your account will be temporarily restricted for security reasons. The restriction lasts for 2 minutes.
After 2 minutes:
- You can try logging in again
- You may request a new verification code if needed
This security measure helps protect your account from unauthorised access attempts.
How to trust this device

Sign in to Manage My Health
Enter your username, password, and complete Two-Step Verification as usual

Look for the 'Trust This Device' option
After entering your verification code, you'll see the option to trust the device

Select 'Trust This Device'
For the next 90 days, you won't need to enter a verification code on this device

Manage your Trusted Devices
View and revoke trusted devices on the Two-Step Verification page.
Watch: How to enable trusted devices
Watch our short video to see how to trust a device and speed up future sign-ins.
What does 'Trust This Device' mean?
When you select ‘Trust This Device’ during login, Manage My Health will remember the device and browser you are using. This means you will not need to enter a verification code every time you sign in from that device. Only trust devices you own or use regularly. You can remove trusted devices at any time in your account settings.
How long is 'Trust This Device' valid for?
The device will remain trusted for 90 days.
During this time:
- Two-step verification may be skipped on that device
- Login will be faster and more convenient
What happens after 90 days?
After 90 days:
- The device will no longer be trusted
- You will need to complete Two-Step Verification again when logging in
- You can choose to trust the device again if you wish
Can I trust this device again after it expires?
Yes. If the trust expires or is removed, you can simply select ‘Trust This Device’ again the next time you log in. This will restart the 90-day trusted period.
Can I remove a trusted device?
Yes. You can remove a trusted device at any time:
- Log in to your Manage My Health account
- Go to Two-Step Verification
- Select Revoke next to the device
Once removed, the device will no longer be trusted and will require verification at next login.
What happens when I revoke trust?
When you revoke trust:
- The device will no longer be recognised as trusted
- You will need to complete Two-Step Verification again on that device
- Your account, data, and other devices are not affected
Why am I still being asked for a verification code on a trusted device?
Even on a trusted device, you may still be prompted for a code if:
- You use a different browser
- You clear cookies or browser data
- You log in from a new device
- The 90-day period has expired
Can I trust this device on mobile?
You can use “Trust This Device” on the mobile responsive website, but not on the mobile app.
Mobile responsive (browser)
- You can select “Trust This Device” when logging in via your mobile browser
- The device will remain trusted for 90 days
- You will not need to enter a verification code every time on that browser during this period
Mobile app
- The “Trust This Device” option is not available in the app
- Instead, you can use biometric login (Face ID or fingerprint) for faster access
Should I trust every device?
No. You should only trust:
- Devices you personally own
- Devices you use regularly
- Private and secure devices
Still need help?
Contact our support team.