Why do you need it?
Good security requires layers of protection, and because of this, Cloudbeds now supports Two Factor Authentication, also known as 2FA or two-step verification.
Two Factor Authentication is an extra layer of security, a form of "multi-factor authentication", that requires not only a user name and password but also a code or test that only the user can confirm.
By sending a verification code to the customer’s cell phone, Cloudbeds can help protect customers from internet fraud.
You have a few options for using 2 Factor Authentication. Check out the Getting Started section of this article to learn more about each option:
- Text Message / Voice Call
- Authy Phone Application
- Mobile Authy app installed
As of April 2020, Authy for Chrome and the Chrome extension are no longer supported.
To enable the 2 Factor Authentication feature, navigate to your User Profile by following the steps below:
1. Click on 'User Profile'
2. Under the 2 Factor Authentication section, click on 'Continue'
3. Choose a verification method to begin and click on 'Begin Verification'
* Text Message / Voice Call
* Authentication App
The method used to verify will be saved for you and used as the preferred method when you log in.
For the time being, Cloudbeds supports Voice Call and SMS in English, Spanish, and Portuguese.
4. Enter the country code, city code and phone number. The system will send you a verification code via SMS or voice call.
5. Choose between 'Text Me' or 'Call Me'
A note from Authy:
"Landlines are not fully supported yet. Although we support phone calls to verify your identity and install the Authy Chrome app to your computer, and you can then use the Authy app to log in to external accounts, we've found that if the phone call doesn't work you will be locked out and there are no other means to authenticate. Please don't use Authy with a landline"
6. Enter the verification code sent to the phone number added on the previous step and click 'VERIFY.'
7. If you want, you can change the verification method.
8. At this point, the system displays an Emergency Code, which we recommend you save or write down. If you ever lose access to your authentication device, you can use this code to access your Cloudbeds account.
- It's not possible to view the current emergency code after you close the window, but you can generate a new emergency code on the 'User Profile' page.
- The emergency code can be used only once.
9. Click on 'Complete Verification.'
Below are the available methods you can use to verify with the Authentication App:
The Authy app is a convenient, free alternative. It can be used offline and is supported on multiple devices.
You will need to download the app to your smartphone. Immediately upon downloading the app, you should enable Multiple Device functionality. Please, find instructions for this here.
When using the Authy app, you must initially verify with the mobile app; however, Authy can also be downloaded as a desktop app (Download here).
In your myfrontdesk account, when you begin verification:
1. Enter a cell phone number (Country code, city code and phone number) and click on 'Next'
*We will not call or text the user; this phone number is used to register you as a Cloudbeds user with Authy.
2. Open your Authy app and click the plus button at the bottom of the screen 'Add Account'. This will activate your camera to scan a QR code provided on the verification page.
3. Scan QR Code and click on Next
4. When you click on the Cloudbeds logo in your Authy app, you will find a Verification Code. Enter the code and click on 'Verify'.
If you are traveling to someplace where you will not have phone access, it is recommended to download the Authy app so you can have continued access to the Cloudbeds platform.
If you downloaded the Authy app on your mobile device, once you click on "Next" as shown above, you will receive the following notification from the app on your device:
Tap on this notification in order to open the app and see the code. You will see the following when you open the app:
Make sure to enter the same token in the verification code field in myfrontdesk before it expires, and click to verify:
Once you have finished one of the two processes above, the page will display 2 Factor Authentication information:
- Verified: means that you've completed the process and the code was verified successfully.
You can also see the last 4 digits of the number that you verified.
- Verify New: click on this button to verify a new authentication device.
Please Note: If a user ever needs to use the Recovery Code they should click the "Verify New" button on this page - It is not mandatory for it to be a new phone number.
In order to be secure, a user will only be able to use this code on an already verified browser.
This authentication is required when a user logs in from a new device. To keep your credentials safe, this authentication process will be automatically required every 30 days.
After you have protected your login credentials with 2 Factor Authentication and you are trying to log in using a new computer or device:
On the login screen, after entering your email and password (1), the system will ask you for a one-time code to complete verification (2).
The code will be sent to the phone registered in the first section of this article.
Once you receive the one-time code, please enter the code in the field and click on 'Submit.' On this page, you can also choose another authentication method.
Sometimes codes can take up to a minute to deliver. The system prevents users from requesting too many codes, because Authy may temporarily block a user due to too many requests. Considering this information, you can request an SMS code only once in 60 seconds.
There are a few reasons why you may not receive an SMS message when you're given a 2FA challenge. It may be because the cellular carrier does not deliver SMS messages from short codes (like Authy), or your carrier may be experiencing some other delivery problem. Authy recommends that when a user has mobile service but codes are not delivered, the user request the code as a voice call, which can often be more successful.
If you ever lose access to your authentication device (i.e. phone), click on 'Use Recovery Code' on the verification screen to gain access to your account.
The user can perform 5 attempts to enter the emergency code. If the system does not allow you to make further attempts, please contact our support: firstname.lastname@example.org
After getting access to myfrontdesk with the recovery code, you will be redirected to the 'User Profile' page to re-verify a device. The 2 Factor Authentication modal will automatically open.
The user may close the window, however closing this modal will be noted in the activity log. It is the user’s responsibility to verify a new device after using the emergency code.
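The recovery rules described above (an emergency code that works once, only from an already verified browser, with 5 attempts) and the limit of one SMS request per 60 seconds can be sketched as server-side checks. This is an added illustration, not Cloudbeds or Authy code; the class name, method names, return strings and the reset of the attempt counter when a new code is generated are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5      # from the article: 5 attempts to enter the emergency code
SMS_INTERVAL = 60     # from the article: one SMS code request per 60 seconds


class TwoFactorAccount:
    """Hypothetical model of one user's 2FA recovery and throttling state."""

    def __init__(self, verified_browsers):
        self.verified_browsers = set(verified_browsers)
        self.failed = 0
        self.last_sms = None
        self._code_hash = None

    def issue_recovery_code(self):
        # Shown to the user once; only a hash is stored, so it cannot be
        # displayed again later (a new one must be generated instead).
        code = secrets.token_hex(8)
        self._code_hash = hashlib.sha256(code.encode()).digest()
        self.failed = 0  # assumption: generating a new code resets the counter
        return code

    def redeem(self, browser_id, code):
        if browser_id not in self.verified_browsers:
            return "unverified_browser"   # code is useless on an unknown browser
        if self.failed >= MAX_ATTEMPTS:
            return "locked"               # user must contact support
        digest = hashlib.sha256(code.encode()).digest()
        if self._code_hash is None or not hmac.compare_digest(digest, self._code_hash):
            self.failed += 1
            return "invalid"
        self._code_hash = None            # single use: burn the code on success
        return "ok"

    def request_sms(self, now):
        # 'now' is a timestamp in seconds, passed in so the rule is testable.
        if self.last_sms is not None and now - self.last_sms < SMS_INTERVAL:
            return False
        self.last_sms = now
        return True
```

Storing only a hash and comparing in constant time means a database leak or a timing side channel does not reveal a usable emergency code.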
Association Users and Logging FAQ
When a user is logged in as an association user, the user can verify his phone number on any property. After he verifies the phone number on any of the association properties, he can access any property in the association. The association user does not need to verify multiple times even if he has access to multiple properties.
The 2FA logging for association users is located in the Association section and will not be logged in each property's activity log.
- When all properties in an association have 2 Factor Authentication enabled, then association users will be redirected to the 'User Profile' page.
- When at least 1 property in the association has 2 Factor Authentication disabled, the association user won't be redirected to the 'User Profile' page, which also means that this user can log in and switch between all the accounts without verification.
Even when 2 Factor Authentication is disabled for 1 of the properties within a group, association users will still have the option to verify with 2 Factor Authentication on the 'User Profile' page (but it won't be mandatory).
Frequently Asked Questions
No. If you already verified a phone number, you can simply download Authy app. Just be sure you use the same phone number in Authy as you verified with Cloudbeds. This will ensure when you sign up with Authy that Cloudbeds is added to your portfolio.
If you don't have a mobile phone, there is an option 'Text Message / Voice Call' where you can register a landline. Multiple users can use the same landline phone number. However, Authy notified us that landlines are not fully supported yet. Although phone calls to verify your identity are supported, and you can then use the Authy app to log in to external accounts, if the phone call doesn't work you will be locked out and there are no other means to authenticate. For this reason, we strongly recommend that you not use Authy with a landline.
Instead of landlines, we recommend that properties download the Authy app to their phones (please check the instructions above).
If you ever lose access to your authentication device (i.e. phone) for any reason, you can use the recovery code to access your Cloudbeds account.
The system displays this recovery code only once - Keep this information safe, write it down, or screenshot and save.
After gaining access to Cloudbeds with the recovery code, please verify a new phone number right away - It is not mandatory to set up a new phone number.
The emergency code can only be used on a previously verified browser (browser which was used during previous verifications), same device and same location.
If a user changes their phone number (or no longer has access to their old number), go ahead and use the emergency code.
After the first number was verified, the user can verify a new phone number. Access your 'User Profile' (1) and click on 'Verify New' (2) to enter a new phone number.
- This process will override the current number on file;
- At the moment, only one phone number can be used for authentication.
It is permissible for multiple users to all use the same Authy app. However, security-wise, it is not the most advisable.
No. It is fine if every user has the same phone number for 2FA.
Yes. Please, visit this article to learn more about it: Security Page Overview
Yes. However, only property owners have the option to reset the whole process and 'force' the user to follow the process from the beginning.
If your role is 'Property Owner', access the 'Users' tab, where you will be able to see the 2FA status, and click on 'Reset'.
The user must access their user profile and follow the steps to verify.