Multi-Factor Authentication (MFA) enhances security by requiring users to provide at least two verification factors to gain access to an application. This typically involves something you know (like a password) and something you have (like a smartphone app that generates a one-time code). By adding this extra layer of security, you can significantly reduce the risk of unauthorised access, safeguarding system data even if a password is compromised.

Implementing MFA may introduce some operational changes for the hotel staff, but is crucial for protecting the sensitive information in your Property Management, Distribution and related Guestline systems.

Our goal is to make this process as seamless as possible, integrating it smoothly into your login experience. With MFA, you can have peace of mind knowing that your accounts are protected by one of the most effective security measures available today.

Guestline has offered Multi-Factor Authentication (MFA) as an option per-users within user manager, providing many customers with added protection for their Guestline log in credentials. However we recently decided to start enforcing MFA for specific roles we feel require extra protection.

Whilst we strongly recommend MFA for all roles in your organisation, we understand it may pose operational challenges. This article aims to address common questions and provide solutions to simplify MFA's implementation.

You can learn more about specific MFA actions using our guides:

No doubt the first question on your mind will be, whether the enrolment of MFA will change the login process for a user?

Previously, only a username or email address and password would be required upon log in for an SSO user, whether you were logging into; SSO Home, Rezlynx, Distribution Hub etc. Once enrolled in MFA, you will also need to provide an extra verification method in addition to a username or email address and password. This will be in the form of a OneTimePassword from the authentication application of choice and it will be required either every time you log in, or every 30 days if you choose to remember the device.

What is Multi-Factor Authentication (MFA)?

MFA is a security measure that requires users to provide two or more forms of identification before gaining access to an account or system. This typically involves something you know (like a password), something you have (like a smartphone or security token), and something you are (like a fingerprint).

Why is MFA being enforced?

MFA is being implemented to enhance the security of your user account and protect sensitive information from unauthorised access. It adds an extra layer of protection beyond just a password.

Is special hardware required to use MFA?

An authentication app or a browser extension would be required for the additional authentication method. Many authentication apps are free and can be installed on a smartphone, laptop or desktop PC.

What are the available MFA methods?

There are a multitude of free authenticator applications out there that can be used. The list below shows some of the popular applications that may meet your requirements to complete OneTimePassword support. Please check any licensing or other concerns with your IT providers

Can I use alternative ways to authenticate, such as SMS or email?

No, only authentication applications or browser extensions are permitted.

Our hotel has policies that forbids the use of phones on the front desk?

Don’t worry we have you covered with desktop and browser extension authenticator options, that can be downloaded onto your work computer or laptop.

Will I have to enter the authentication code on every log in?

No, there is a prompt on the login screen to remember the device for 30 days. If selected then a code will only be required upon log in every 30 days.

What happens if I have misplaced my authentication device (i.e. forgot/lost my phone)?

If you are unable to access your MFA device, your system administrator (someone with MFA enabled and access to user management options) can either temporarily disable MFA for you, or they can reset MFA on your account so you can enrol a new device. To note it is vital that you save the recovery code when prompted through the enrolment, to make this process as smooth as possible.

How is MFA disabled if I no longer want to use it?

Where possible MFA should not be disabled unless you are wanting to set up a different verification method. If deactivated, and you have access to the User management options, be aware these will no longer be available to use when MFA is disabled. Also, please note that disabling MFA will significantly reduce the security of your account. If needs be, MFA can be disabled via the user management page in SSO.

What can be done if I am having trouble with MFA?

You can check the following:

Is MFA information secure?

Yes, MFA information is encrypted and handled securely. The additional layer of verification helps protect the account from unauthorised access.

How does MFA protect user accounts?

MFA adds an extra layer of security beyond a password, making it significantly harder for unauthorised users to gain access to your account, even if they have the correct password.