We are pioneers in implementing up to 3 methods of double authentication for accessing our platform
The importance of protecting our customers' business and making their transactions even more secure is one of the improvements we have been working on in recent months. Improving your security is almost an obsession, for this reason we have designed a protocol that offers up to 3 methods of double authentication for user login.
Step one: what is two-factor authentication and what is it for?
This system of user session protection is becoming more and more common and increases security when logging in. To do this, the user is required to make two checks: the most common is the password, followed by a second check to confirm their identity.
This type of methods are very effective to avoid phishing, this hacking technique that impersonates a company by sending emails requesting personal and banking information to the user and that is currently affecting many hotels.
What methods are available at GuestPro?
There are different types of systems to execute this double authentication or 2-step verification. These are the three that we have implemented at GuestPro:
- Authenticator App: this is a standard and is compatible with multiple providers such as Google Authenticator or Microsoft Authenticator, among others, and consists of downloading an authentication App on the mobile phone. You then scan a QR code that appears on our platform, which generates a code that is sent to the App and will be used to access the GuestPro PMS.
This is the most secure method and the one we recommend over the rest to protect the login.
- SMS / Call: this method has been the last to be implemented in our system and requires entering a phone number that receives a validation code. If a mobile phone is entered we send an SMS and if it is a landline the user receives a phone call notifying them of the code via voice message.
It is a very secure system that requires telephone support, whether mobile or landline.
- Email 2FA: finally, perhaps the best known method is the email method that sends the access code to the email address that the user has in our system or to an alternative one that the user decides at the time of configuration.
In this case we are dealing with the least secure option as the attackers, the phishers, will also try to compromise this email account and gain access to your information.
Is it mandatory or can I still access without double verification?
GuestPro advises all our clients to incorporate one of these factors. It is essential to protect the sessions of all employees using our platform to avoid the dreaded phishing attacks and to avoid putting your customers' transactions at risk.
The recommendation is this, although hotels are free to use or not to use the resources we make available to them. Our experience indicates that protecting logins is a key tool for your protection and that it should be added to all the security that each hotel has established in its daily operations.
IP Whitelist, we restrict access to GuestPro from the hotel only.
One last improvement we have added to protect the login is the new IP Whitelist restriction. This option allows some users to limit access only to devices that connect from the hotel network by indicating the hotel's IP.
This is an ideal restriction for operational teams, such as reception or housekeeping, as they will be able to access the system without the need for two-factor authorisation.
