Rounds
Sign up
Browse the help center
Help center home

Your account

Two-factor authentication

Rounds requires two-factor authentication on every account. Here's why, how to set it up, and what to do if you lose access to your authenticator.

Why 2FA is required

A password alone isn't enough to protect protected health information. If a password is guessed, phished, or reused from a site that was breached, it could open the door on its own. Two-factor authentication (2FA) adds a second, time-based code so a stolen password is not enough by itself.

Because of that, 2FA isn't optional in Rounds — every account must set it up, and you'll be guided into it the first time you log in.

What you'll need

An authenticator app on your phone — for example Google Authenticator, Microsoft Authenticator, Authy, or 1Password. These apps generate a fresh six-digit code every 30 seconds. Rounds uses the standard TOTP method, so any of them works.

Set up 2FA

  1. Reach the setup screen

    The first time you accept an invitation and create your password, Rounds sends you straight to the 2FA setup screen — you don't have to go looking for it. (If you ever need to return, it's a step in the login flow.)

  2. Scan the QR code

    The setup screen shows a QR code. Open your authenticator app, add a new account, and scan it. If you can't scan, the app will let you type the setup key shown on screen instead.

  3. Enter the verification code

    Your authenticator app now shows a six-digit code for Rounds. Type that code into the field on the setup screen to confirm the setup worked.

  4. You're protected

    Setup is complete. From now on, after your password, Rounds asks for the current code from your authenticator app.
The 2FA setup screen — Rounds opens this for you during onboarding; scan the QR code, then enter the code your app generates.

Logging in with 2FA

Each time you log in, Rounds asks for two things: your password, then the current six-digit code from your authenticator app. Open the app, read the code for Rounds, and enter it before it refreshes.

If you lose access to your authenticator

If you get a new phone or lose the device with your authenticator app, you won't be able to generate codes — and that means you can't finish logging in on your own.

Good 2FA habits

  • When you move to a new phone, set up your authenticator app on it before retiring the old device.
  • Keep your phone's clock set to update automatically so generated codes stay in sync.
  • Never share a 2FA code with anyone — no one from Rounds or your agency will ever ask you to read one out.