This white paper provides and overview of the PainChek Quick Sign In functionality and the benefits it provides to your organisation.
PainChek users must be authenticated before they can access PainChek - whether that is using the mobile apps (iOS/Android) or the PainChek portal. The standard (or regular) sign in method is via a username (typically the users email address) and a password.
On a mobile device, having to enter (and remember) a full username and password before using the app during clinical practice may at times create barriers to adoption, particularly given PainChek is a point of care assessment tool. For example, typing in a full username and password on smart devices can be tedious if devices are shared among multiple users on a shift.
To address this, the Quick Sign In feature is available in PainChek. Quick Sign In allows a user to select their avatar (image) and sign in using a 4-digit PIN - a much more streamlined sign in experience.
Quick Sign In provides the following key benefits to PainChek users:
Provides a faster sign in experience for users, which is particular useful when a device is used by multiple users
It allows users to sign into the PainChek app when they app is off-line (has not internet connectivity). This is critical for any sites with variable wifi connectivity. Without Quick Sign In, the end user would need to locate an area with wifi to login with their username and password credentials.
Configuring Quick Sign In
Quick Sign In is an optional feature of PainChek that can be activated on your organisations PainChek license. If it is activated, it is then available for all users in your organisation. 98% of all PainChek clients utilise Quick Sign In.
Enabling Quick Sign In for a User on a Device
Once Quick Sign In activated for an organisations, a user will need to set-up Quick Sign In on each device they use before they can actually sign in using their Quick Sign In PIN.
The process for enabling Quick Sign In is:
The user performs a regular sign in (i.e. signs into the app with their username and password)
PainChek will prompt the user to enable Quick Sign In on their device. If they accept, they can record a a 4 digit PIN
If the user initially declines to enable Quick Sign In, they can do so at a later point in time by going to their user profile in the mobile app.
Sign In Using Quick Sign In
If one or more users on a device have enabled Quick Sign In, then, when the app is launched (or the app locks itself after a period of on inactivity), the app displays a list of users who have quick sign in enabled:
The user taps on their avatar and then enters their PIN. If the PIN is correct, the user is signed into the app.
The PIN is verified against a local copy of the PIN, meaning that, even if the device is offline, the user can still be authenticated and granted access to PainChek.
If a user does not have Quick Sign In enabled on the device, they can always perform a Regular Sign In.
See the PainChek User Guide - Signing In to PainChek for more details on how sign into PainChek using Quick Sign In.
Quick Sign In (QSI) has a number of security provisions built in:
A user must perform a regular sign in on a device before Quick Sign In is enabled for them on that device - Quick Sign In never gets automatically turned on for a user on a device
Although the PIN is verified locally on device, if the device is online, the server is checked to ensure the user is still valid (i.e. they are still active). If the user is no longer valid, the Quick Sign In will fail.
If the user changes their password, the users Quick Sign In is invalidated and they are required to perform a regular sign in (with their new password) before their Quick Sign In PIN can be used again.
A user can update the Quick Sign In PIN from within the mobile app
A user can disable Quick Sign In on a device
If a user forgets their PIN, they can sign into the mobile app using a regular sign in and then update or disabled their PIN
a users PIN (and password for that matter) is stored in hashed and salted form (so the users PIN or password can not be determined, even if the stored data is compromised)
As per standard PainChek installation instructions, devices should also have a passcode established on the home/lock screen on the device to provide an additional layer of protection
Quick Sign In only applies to the iOS or Android mobile apps - it is not available on the PainChek portal (portal users must always perform a regular sign in)