Recommended Best Practices for Multi Factor Authentication at your Property
- Ensure you have communicated internally this new change to all users of the Booking Engine within your hotel.
- Every user that has access to the Booking Engine should have their own email address – this makes it easier to trace things if something does happen on the Booking Engine as we have logs by user.
- Email addresses must be company email accounts we do not recommend personal email address as they may not be secure. Should your team member leave the company, they would still have access to log onto the Booking Engine if they are using a personal email address.
- All users should be removed from the Booking Engine when they leave the hotel. Please contact Net Affinity who can disable old users for you.
- For your current users, you can decide the level of access that they have to the Booking Engine, so that some team members don’t have access to e.g. rateplans, availability etc. This can be:
-
- Hotel Admin (full access)
- Bookings Only
- Vouchers Only
- Bookings and Vouchers Only
- We recommend to implement a mobile phone policy at the front desk to help team members who need to have their mobile phone for logging into the Booking Engine.
- We have built in a remember me option which applies for 30 days before the user is prompted to log in fully again with a new code.
- We recommend to agree your own internal policy on whether you want your hotel team to put a new code in each time i.e. not store for 30 days.
- If a team member has a new mobile phone please advise Net Affinity who will reset the authenticator so it can be set up on the new phone.