Skip to content

The Yellow Card scheme has introduced multi-factor authentication and a re-platformed mobile app to enhance user experience and security. Please find further information using the link below.

Yellow Card system enhancements

YellowCard
Making medicines and medical devices safer

Multi-Factor Authentication

The MHRA has implemented Multi-Factor Authentication (MFA) to the Yellow Card website and app to enhance security to protect your personal data. For now, MFA will be optional and users will be able to skip. In the near future, this will become mandatory.

Background

MFA is an effective security method used to protect data and accounts from unauthorised access. It works by adding an additional layer of security beyond the standard username and password, before granting access to an account such as Yellow Card.

When logging into Yellow Card, you will be asked to verify your identity using a second factor (e.g. code sent via text message, voice call, or authentication app). This helps to safeguard your personal data and prevent unauthorised access, even if your password is compromised.

Why are we implementing MFA?

MFA offers enhanced security of Yellow Card accounts using a second layer of defense against unauthorised access. This is vital given Yellow Card accounts contain sensitive personal data. This enhancement therefore aims to further protect reporter and patient privacy.

Authentication Methods

  1. Mobile authenticator app: the most secure method. Generates a one-time 6-digit code, works offline and abroad, and can require biometrics. Examples include Microsoft authenticator, Google authenticator and Authy.

  2. SMS (text message) - Receive a one-time 6-digit code via text to your mobile phone.

  3. Voice call - Receive a one-time 6-digit code via automated call, suitable for mobiles or landlines.

MFA Authentication Methods

How to use MFA

Before you start

  1. Have your phone, tablet, or another device handy.

  2. If you prefer not to use a phone, you can use an authenticator app on a PC, tablet or other smart device.

Sign in to Yellow Card

  1. Go to the Yellow Card website or app and click Sign in.

  2. Enter your email address and password, then click Continue.

  3. If you haven’t set up MFA before, a setup screen will appear after you sign in. You can choose Continue to set it up now, or Skip for now. We recommend setting it up right away for maximum security.

MFA Prompt

Choose your MFA method

Pick one of the following options:

Authenticator app (recommended) e.g. Microsoft Authenticator, Google Authenticator, Authy, or another similar app.

  1. Install an authenticator app on your phone or tablet via the App Store or Google Play Store.

  2. In Yellow Card, select Authenticator app. A QR code and a setup key will appear.

  3. Open the authenticator app, choose “Add account” and scan the QR code with your camera.

  4. If the QR scanner does not work, select the option to enter the setup key manually and type the code shown on screen.

  5. The app will show a 6-digit code. Type it into Yellow Card and click Verify. If the code entered is correct, you will gain access to your account.

MFA Authenticator App

SMS (text message) or voice call

  1. Select SMS or Voice call.

  2. Enter your phone number (ensure to use the correct country code).

  3. Click Send code.

  4. When you receive the code, type the 6-digit code into the box and click Verify. If the code entered is correct, you will gain access to your account.

MFA SMS and Voice Call

Select ‘Remember this device’ (optional) to avoid entering an MFA code on the same browser and device for the next 24 hours. ⚠️ Do not use this option on public or shared computers. ⚠️

MFA Remember This Device

How to add or manage your MFA methods

You can add up to four methods in your profile later. Please note that the same phone number cannot be used for the same method twice. Any change will send a confirmation email to your registered email address for security purposes. 

  1. Sign in to your Yellow Card account.

  2. Go to Account → Multi Factor Authentication

  3. From this page you can: 

    • Add a new MFA method (recommended - so you can still sign in if you lose access to one method) 

    • Remove an existing method 

    • Update or replace a phone number.

MFA Manage Methods

What to do if you didn't receive a code

Try these first:

  • Check your phone signal and that the number is correct.

  • If using an authenticator app, make sure your device time is set to automatic.

  • Try an alternative method.

  • Click Resend code and wait a minute.

If you still can’t sign in, contact mhracustomerservices@mhra.gov.uk for help with a secure reset.

FAQs

When will MFA become mandatory?

Does MFA affect how I submit Yellow Card reports?

Do I need to set up MFA every time I log in?

Can I register more than one authentication method?

I haven’t received a code - what should I do?

What if I lose my phone or can’t access my authentication method?

Do I have to use a mobile phone?

I have a new mobile phone, but kept the same number - do I need to set up again?

I changed my mobile phone number - what should I do?

I’m receiving authentication codes but I’m not trying to sign in - what should I do?

Why do I have to enter a code even after selecting “Remember this device for 24 hours”?

Can I share my MFA device with someone else?

My authenticator app isn’t working

My authenticator app keeps giving me the wrong code - why?

What happens if I delete my authenticator app?

Will I be charged for receiving MFA codes by text or phone call?

Can I use MFA when travelling abroad?

What to do if you experience issues with MFA

Please be assured that you can still submit Yellow Card reports without logging in; however, guest submissions won’t appear in your account. We can retrospectively link your report to an account if you provide the reference number and your email address to yellow.card@mhra.gov.uk.

If you are still unable to authenticate your account after reviewing our FAQs, please contact our customer services team at mhracustomerservices@mhra.gov.uk. Include a detailed description of the issue, the email address linked to your Yellow Card account, your authentication method, and your phone number (for SMS or voice call issues) so we can investigate as quickly as possible.