Reset Your Password

athenaCollector + athenaClinicals

athenaOne for Hospitals & Health Systems   

This page allows you to reset your athenaOne password online.

 

Resetting your password and changing your password are different: If you forget your password, you can reset it by entering your Username on the ‘Forgot Password’ workflow (accessed from the login screen). When you know your password and you want to change it, you can use the Password tab on the Update User Profile page to change it.If you forget your Username, you can use the Forgot username? link on the ‘Forgot Password’ workflow (accessed from the login screen) to recover your username through an email verification to your registered email address.

 

On the athenaOne login page, click the Forgot password? link

 

 

Any athenaOne user with a registered email address and who has not been blocked from password reset by their practice administrator can use the Reset Your Password page.

 

 

 

Step by step instructions:

  1. Click the Forgot Password? link.


  2. Enter your Username and click Next.


  3. Enter the verification code that was sent to your registered email address.

     

    Important
    Ensure your email address under Settings> User Profile is valid as the OTP will be sent to the email address provided there for verification. Also, you should have enrolled for at least one MFA factor.
    Email is used only for password recovery and is not considered an MFA factor.


    If you're an EPCS user, continue with the instructions below.

    Otherwise, skip to the Everyone Else section section, as applicable.

     

    EPCS Users:

    1. You must use your EPCS factor to create a new password. Enter your security code and create a new password.

    1. If you no longer have access to your EPCS device, your Identity Verification will need to be revoked in order to allow you the ability to reset your password with your other MFA Factor.

    2. Your Trusted Individual (TI) will need to complete a new Identity Verification for you and you will need to add a new EPCS device in order to regain EPCS access.

     

     

    2. Click Reset Password. The password is reset successfully. You can now log in to your account using your new password.

     

     

    Everyone Else

     

    1. You can authenticate using your enrolled MFA factor. In the example below, the user is enrolled with the Authenticator App (TOTP) method so enters the code from their authenticator app to finish resetting their password.

     

    2. Once the verification is successful, you enter your new password.

     

    3. Click Reset Password. The password is reset successfully. You can now log into your account using your new password.

     

    SSO Users

    If you are an SSO user and you want to reset your password, reach out to your practice administrator for assistance.

 

 

 

After you enter your registered email address, you can reset your password yourself. You can also recover your username if you forget it.

  1. On the athenaOne login page, click Forgot password?.
    The Reset Your Password page appears.
  2. Click forgot username?.
    The Email field appears.
  3. Enter the email address associated with your athenaOne account on the Update User Profile page, and click Next Step.
    A confirmation message appears.
  4. Check the email address associated with your athenaOne account and open the new email that contains your athenaOne username.
    • If you don't remember your password, enter your athenaOne username on the Reset Your Password page to start the password reset workflow.
    • If you know your password, click Return to login to display the login page.

Note: If you have multiple athenaOne usernames that all use the same email address, the email that you receive contains all your athenaOne usernames. You can select the username for which to reset the password.

 

 

 

 

You must have user admin access to unblock a user account. If the user has access to multiple practice IDs, only a superuser with access to the same practice IDs can reset the user's password or unblock the user account.

  1. Display the Users page: On the Main Menu, click Settings >User. In the left menu,under Practice Links — Users, click Users.
  2. Enter search criteria to find the user.
  3. Click Search.
  4. Click update next to the username in the list of search results.
  5. Click the Security tab.
  6. Block password reset — Select Unblock Password Reset.
  7. Click Save.

 

 

You must have user admin access to unblock a user account. If the user has access to multiple practice IDs, only a superuser with access to the same practice IDs can reset the user's password or unblock the user account.

  1. Display the Users page: On the Main Menu, click Settings >User. In the left menu,under Practice Links — Users, click Users.
  2. Enter search criteria to find the user.
  3. Click Search.
  4. Click update next to the username in the list of search results.
  5. Click the Security tab.
  6. Block account — Select Unblock Account.
  7. Click Save.

 

 

 

 

Your password must meet the following criteria:

 

  • Must not be a weak password (e.g., “Password” or “11111111”) or commonly used password (based on a database of over 1 million common passwords).

  • Must not contain the first name, last name, username or email address on that account.

  • Must be a minimum of 15 characters.

  • Must be a maximum of 72 characters.

  • Must not be any of the last 30 passwords for your account.

  • Your account is automatically locked and requires a password change after 5 failed login attempts.

 

 

To create a unique password that you can remember easily:

  1. Pick a phrase. For example, "Wow, I really love cookies and ice cream."

  2. To avoid a weak or common password, use the initial letter of each word in the phrase to create a nonsense string of letters that is not found in a dictionary. Additionally, you can capitalize letters or add punctuation where it would occur in the phrase. For this example, your string might be “W,Irlcaic.”.

    To help meet length requirements, you can use the first two letters of each word in the phrase. Continuing the example above, your password would be “Wo,Irelocoaniccr.”

 

 

 

athenahealth, Inc., takes the privacy and security of your information very seriously. This section provides frequently asked questions regarding our password controls.

 

 

 

If a security breach occurred using a non-changed password, you would be responsible for having failed to enforce appropriate password controls to prevent the disclosure of PHI. As your co-sourcing partner, we also view this risk as a significant threat to our business obligations, given the amount of sensitive information that athenahealth stores on all our clients' behalf. Our password controls are strictly enforced and cannot be changed for any client.

 

 

 

In the event of a severe compromise of athenaOne infrastructure resulting in unauthorized access to athenaOne authentication credentials, the combination of non-trivial passwords (enforced by our password policy) and cryptographic storage methods increases the amount of time required for an attacker to compromise any of our clients' original passwords.

 

 

 

Although password complexity and aging impose a burden of entering complex and frequently changing passwords, strategies are available to help create and manage passwords to ensure that they are both strong and accessible. We cannot recommend or endorse any of these solutions, but we offer them for your review and consideration:

  • Password managers such as KeePass, 1Password, and LastPass allow users to store and retrieve passwords quickly from an encrypted database. Some users generate completely random and unique site-specific passwords, relying on browser auto-fill and clipboard password management.
  • Password generation schemes such as Diceware help users create easier-to-remember passwords that are hard for a computer to guess.

  • EPCS Prescribers:

    • If you are using a Password Manager for athenaOne, your Password Manager must be password protected with a password that meets or exceeds the athenaOne password requirement.

    • The Password Manager must require you to enter the password during EPCS actions in order to fill in your athenaOne/SSO password (if using EPCS SSO). The Password Manager MUST not skip a password entry.

 

 

Related Topics Link IconRelated Topics