How Two-Factor Authentication (2FA) Works

Purpose of This Article

Two-Factor Authentication was introduced as a mandatory login requirement in March 2026. This article explains why it exists, how it works in practice, and helps practice staff understand and complete the login process confidently.

Main Content

What Is Two-Factor Authentication?

Two-Factor Authentication (2FA) is a security measure that requires you to verify your identity in two ways before accessing your account:

• Factor 1: Something you know — your password
• Factor 2: Something you have access to — a one-time code sent to your registered email address

By requiring both, 2FA significantly reduces the risk of unauthorised access to your dashboard account, even if someone else obtains your password.

Why 2FA Is Required on the Dashboard

The QuantumLoopAI dashboard contains patient request data, call recordings, and operational information about your surgery. Protecting this data is a responsibility QuantumLoopAI takes seriously.

2FA was introduced in March 2026 as a mandatory requirement for all dashboard users. It cannot be disabled for individual accounts or at practice level.

How 2FA Works on the Dashboard

Every time you log in to the dashboard, you will complete two steps:

Step 1 — Enter your credentials Go to https://quantumloopai.com/ql-dashboard, enter your registered email address and your password, then click Log In.

Step 2 — Enter your verification code A one-time verification code is automatically sent to your registered email address. Open your email inbox, find the code, return to the dashboard login page, and enter it.

Once both steps are completed successfully, you will be taken to the dashboard home screen.

The verification code:

• Is sent to your registered email address automatically after your password is accepted
• Is valid for a single login session only
• Expires after a short period if not used promptly
• Is different every time — previous codes cannot be reused

What Your Registered Email Address Is

Your registered email address is the address QuantumLoopAI used when setting up your account. It is also your dashboard username. It was included in the Dashboard Access Credentials email sent to you during onboarding.

The verification code will always go to this address. If your email address has changed, contact support@quantumloopai.com to have your account updated.

Preparing Your Email Inbox

To make the 2FA process smooth:

• Add the QuantumLoopAI sender address to your contacts or safe senders list so verification code emails are not filtered to spam.
• Check your spam or junk folder if a code does not arrive — this is the most common cause of not receiving the code.
• If your organisation's email system applies strict filtering, ask your IT administrator to whitelist emails from QuantumLoopAI's domain.

Step-by-Step Instructions

Full login process with 2FA:

1. Go to https://quantumloopai.com/ql-dashboard
2. Enter your registered email address in the username field.
3. Enter your password.
4. Click Log In.
5. Open your email inbox. Look for an email from QuantumLoopAI with the subject line containing your verification code. Check your spam or junk folder if it is not in your main inbox.
6. Copy or note the verification code from the email.
7. Return to the dashboard login page and enter the code in the verification field.
8. Click Verify (or equivalent).
9. You are now logged in to the dashboard.

If the code expires before you enter it: Return to the login page, enter your username and password again, and a new code will be sent.

Troubleshooting

I entered the correct code but it is not being accepted. The code may have expired. Return to the login page, log in again, and enter the new code as quickly as possible after it arrives.

My code is going to spam every time. Mark the QuantumLoopAI sender address as safe in your email system, or ask your IT administrator to whitelist the domain at the network level. Once marked as safe, future codes should arrive in your main inbox.

I am not receiving any codes at all. Work through the checks in: I Am Not Receiving the 2FA Verification Code (article 3.10).

I cannot log in because I no longer have access to my registered email address. Contact support@quantumloopai.com. The team will need to verify your identity before updating your registered email address.

Multiple staff members cannot log in after 2FA was introduced. If this affects multiple users, the issue is likely at the organisation's email filtering level. Contact your IT administrator and ask them to whitelist QuantumLoopAI's email domain. Contact support@quantumloopai.com in parallel.

FAQs

Is 2FA mandatory for all users? Yes. Two-Factor Authentication is mandatory for every dashboard user. It cannot be disabled for individual accounts or at practice level. This applies to all user roles including Admin and Standard users.

Can I use an authenticator app instead of email? No. The verification code is sent by email only. Authenticator apps are not currently supported.

Do I need to complete 2FA every time I log in? Yes. A new verification code is required on every login. Codes are one-time use only and expire after a short period.

Is the verification code the same every time? No. A unique code is generated for each login attempt. Previous codes cannot be reused.

What should I do if I think someone is trying to access my account? If you receive a verification code you did not request, it may indicate someone has obtained your password and is attempting to log in. Do not share the code. Contact support@quantumloopai.com immediately and consider resetting your password. See: How to Reset Your Dashboard Password (article 4.1).

Why was 2FA introduced in March 2026? Dashboard accounts contain patient request data and call recordings. 2FA adds an important layer of protection against unauthorised access, particularly given that dashboard credentials are sometimes shared or reused across teams. It aligns with NHS data security best practice.