new security feature: Two-step authentication

Overview and frequently asked questions

Cigna is introducing two-step authentication as a security feature for the Cigna for Health Care Professionals website ( This enhancement offers an extra layer of security to help prevent use of the website by unauthorized users, and further protects the privacy of your patients with Cigna-administered coverage.

How two-step authentication works. When a user logs in to with his or her username and password, a security code will be sent to the email address listed for the user in Settings & Preferences. Once the user enters the security code on the login screen, he or she will gain access to the website.

Email address verification. To help ensure we send security codes to the correct email address, it’s important that registered users of verify that:

  • Their email address is correct. (Log in to; click the drop-down menu under the user’s name > Settings & Preferences.)
  • They have access to the email that is sent to this address.

Frequently asked questions

  1. Will two-step authentication be necessary each time a user logs in to
  2. It depends. If a user selects the option “Remember this device” when logging in, two-step authentication will not be required for subsequent logins.

  3. How does a user’s device know when two-step authentication is not needed?
  4. When users select “Remember this device,” they install a cookie that identifies the device as an authorized device when the user logs in again.

  5. Why would a user be asked for a security code if “Remember this device” was previously selected?
  6. This may occur if the user:
    • Deletes cookies or the browsing history (the device will no longer be identified as an authorized device).
    • Logs in using a different browser.

  7. Will providers that use a federated login or a single sign on for need to use two-step authentication?
  8. No, these users will not use two-step authentication. Likewise, websites that allow single sign on from will not be affected (e.g., OneHealthPort, NaviNet®).

  9. What should users do if they don’t receive a security code in their email box?
  10. They should check:
    • Their email address in Settings & Preferences to be sure the correct email address is on file.
    • The junk folder of their email box.
    • With their administrator to be sure their email is working correctly.

  11. Who should providers contact if they have additional questions?
  12. They should call 800.981.9114.