If you prescribe controlled substances or both controlled substances and non-controlled substances, this is the second step to take, after Verifying your identity through identity proofing (IDP) with Experian.
In this guide, we'll cover:
Adding tokens
To add a token:
- Click Add New Token
Important: We recommend adding two tokens, in case one is lost or inaccessible. Tokens can be added from the EPCS Dashboard at any time. You can have up to 5 tokens for your account.
- Select Code Generator
- Complete the fields listed using the table below
| Field | Enter/Select |
| Token Manufacture | OneSpan |
| Token Issuer | DrFirst |
| Token Type | OTP SOFT TOKEN or OTP HARD TOKEN |
| Token Nickname | Add a nickname or description of the token |
| Serial # / Credential ID |
If you’re using a DrFirst provided HARD token (keyfob):
If you’re using the Symantec VIP Access app SOFT token:
|
| One-time PIN (OTP) | Enter the number generated on either the hard token or the Security Code from the VIP Access app |
- Click Save
Important: If you lose access to all of your registered, active token(s), you’ll need to complete your registration again from the beginning.
Creating two-factor authentication
Next, you’ll create two-factor authentication for your EPCS Dashboard. You’ll be asked to create a passphrase, a security question, and a security answer.
To do this:
- Enter a passphrase
- This is what you’ll use to prescribe controlled substances
- It must be at least 8 characters long, be mixed case, contain at least one number, and avoid special characters
- Enter a security question and security answer
- The security question and security answer will be necessary if you’ve forgotten and need to reset your passphrase
- Since it’s case sensitive, the security answer has to be typed exactly as it was entered
Important: SimplePractice and DrFirst can’t reset a signing passphrase. The passphrase can only be reset by correctly answering your security question. In the event that the passphrase is forgotten and can’t be reset, your account will be disabled, and you’ll be required to complete IDP again from the beginning.
- Click Continue
You’ll receive a verification code via text message or mail.
Via text message
If you entered a mobile phone number and Experian could verify it, you may receive a text message with the verification code. You can enter the verification code on the screen and click Continue to complete identity proofing.
Via mail
If your mobile phone number wasn’t verified and you didn’t receive a text message, you’ll receive the verification code via USPS mail within 5-7 business days. The verification code will be in the upper right corner of the letter.
It‘s safe to close out of the set up process at this time even if you haven’t received the verification code yet. You can proceed to enter the verification code once you receive it.
Note: The verification code within the text message is only valid for 7 days, and the verification code within the letter is only valid for 30 days.
In addition to the text message or letter with the verification code, you’ll also receive a confirmation email from DrFirst that contains a specific link where you’ll submit your verification code.
Important: Do not delete this email from DrFirst. This email contains a specific link where you’ll submit the verification code you receive in the mail or via text message. If this email has been deleted or misplaced, you’ll have to restart the IDP process again from the beginning.
- Once you’ve received the text message or letter with the verification code, click here in this email from DrFirst
- You’ll be prompted to enter your verification code from a text message or from the mail
If you received the verification code after you timed out of your session (either via text message or mail), use the email link you received from InfinIDAdmin@drfirst.com to enter your verification code.
- Click Continue
- Enter the verification code, passphrase, and PIN from your selected token
- Click Continue
This completes your EPCS registration. The final step is to complete Logical Access Control (LAC) with your granting administrator.