EPCS: Register Your Phone As a Back-up Authentication Method for Exostar

Any prescriber who has registered to electronically prescribe controlled substances (EPCS) and has gone through the Exostar ID proofing process probably would prefer to avoid having to go through it again.

The best way to ensure that you won’t have to repeat the ID proofing process is to register your phone as a back-up authentication method. That way, you can still access your account if either your hard token or your soft token (Authy app) becomes unavailable.

Set up your cell phone as a back-up before you need it!

Not the Same Thing as Your Authy App: Registering your mobile phone number with Exostar is not the same thing as using the Authy app as a soft token. They are two separate features — the Authy app can be used in place of your hard token for prescribing, while the back-up authentication option (generally a code sent via text) allows you to access your Exostar account.

Use a Token to Authenticate Your Account

You need to authenticate your account using either your hard token or your soft token (Authy app) to unlock your account and have the option to add a phone.

Open the Token Management Tool

From the PCC eRx My Settings tab, click on the “Exostar Token Management” button to access your EPCS tokens.


The Manage Token box shows your hard token serial number. The Manage Mobile Credential box may include a cell phone number that is associated with your “Authy” app, which is a soft token. The Manage Phones box shows the cell phone number that can be used as a back-up account authentication method.

In the above example, the prescriber does not yet have a phone registered for receiving back-up texts or calls.

Click “Authenticate” for One of Your Tokens

Click the “Authenticate” button for either your hard token or soft token.

Make sure you have the token with you, as you will receive a push notification or code from Exostar on your chosen token.

Acknowledge the Exostar Validation

Just like when you prescribe controlled substances, you will either receive a 6-digit one-time code to enter, or if you have set your phone up for “One Touch”, you will have the option to simply “Approve” the action.

Add Your Phone As a Back-up

Once you authenticate your account, the “Add Phone” button in the Manage Phones box will be enabled, and you will be able to register your phone.

Click “Add Phone”

Click the “Add Phone” button.

Enter Your Phone Number and Delivery Method

Choose whether you want to receive codes via text or phone message, and enter your phone number.

Click “Send Code”

Click the “Send Code” button to receive a one-time code from Exostar verifying your phone number.

If you don’t enter the code within 2 minutes of receiving it, you will need to click “Resend Code” to have a new one sent.

Enter Verification Code

Enter the code you just received from Exostar in the “Verification Code” field.

If you don’t enter the code within 2 minutes of receiving it, you will need to click “Resend Code” to have a new one sent.

Click “Submit”

Click “Submit” to finalize your registration.

Your Phone Is Now Registered!

Back on the Exostar Token Management tool, you will now see your phone number and delivery method. You can click “Cancel” to return to the My Settings window.

  • Last modified: January 22, 2020