RoomKeyPMS is excited to introduce Multi-Factor Authentication (MFA) for Clerk logins in Version 11.0.0.42. By enabling this feature, users will be required to enter a one-time code generated by an Authenticator App (such as Google Authenticator, Microsoft Authenticator, Authy, LastPass, etc.) in addition to their regular password. This extra layer of security ensures that only authorized personnel can access RoomKeyPMS, protecting your data and account from unauthorized access. A few things to note regarding the MFA Login Option for RoomKeyPMS:
- Properties must be on RoomKeyPMS Version 11.0.0.42 or higher in order to use the MFA Login Option
- When MFA is enabled for a Clerk, if they attempt to log in to RoomKeyPMS Version 11.0.0.41 or lower, they will be able to bypass MFA. Therefore, it is crucial that ALL computers are updated to Version 11.0.0.42 or higher.
- Once enabled, the MFA Code will be required to log in to RoomKeyPMS, to reset a RoomKeyPMS Password, and to access the Clerks Module.
- If a Clerk with MFA enabled accesses BI Insight or Owner Accounting, they will also need to authenticate using MFA on those sites. NOTE: MFA setup must be completed by logging into RoomKeyPMS prior to attempting to access BI Insight or OA.
- MFA cannot be used in conjunction with Microsoft SSO Login. However, properties using SSO can still enable MFA for Clerks who have the "SSO Bypass" option checked.
NOTE: This feature is currently available to Windows PC users. This note will be removed once available for macOS users as well.
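Because a workstation still on Version 11.0.0.41 or lower lets an MFA-enabled Clerk skip the code, it helps to audit installed versions before relying on MFA. The script below is an added example, not RoomKeyPMS code; the CSV layout, column names and hostnames are assumptions, and the sample inventory is constructed.

```python
import csv
import io

MIN_MFA_VERSION = (11, 0, 0, 42)  # first version that enforces MFA, per this page

# Constructed sample inventory; hostnames and CSV layout are assumptions.
SAMPLE_INVENTORY = """hostname,roomkeypms_version
FRONTDESK-01,11.0.0.42
FRONTDESK-02,11.0.0.41
BACKOFFICE-01,11.0.0.5
NIGHTAUDIT-01,11.0.1.3
KIOSK-01,unknown
"""

def parse_version(text):
    """Return the version as a tuple of four ints, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Split hosts into (compliant, bypass_capable, unverified) lists."""
    compliant, bypass_capable, unverified = [], [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["roomkeypms_version"])
        if version is None:
            unverified.append(row["hostname"])      # unknown: treat as not yet safe
        elif version >= MIN_MFA_VERSION:            # numeric, not string, comparison
            compliant.append(row["hostname"])
        else:
            bypass_capable.append(row["hostname"])  # MFA can be skipped from here
    return compliant, bypass_capable, unverified

if __name__ == "__main__":
    ok, bypass, unknown = audit(SAMPLE_INVENTORY)
    print("Enforces MFA:      ", ok)
    print("Can bypass MFA:    ", bypass)
    print("Version unverified:", unknown)
```

Versions are compared as numbers rather than text: as a string, "11.0.0.5" sorts after "11.0.0.42" and would be wrongly reported as up to date.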
MFA (Multi-Factor Authentication) is a security process that requires users to provide two or more verification factors to gain access to a system, application, or account. It’s an extra layer of security designed to make it harder for unauthorized individuals to access your sensitive information.
There are typically three types of factors used in MFA:
- Something you know (e.g., a password or PIN).
- Something you have (e.g., a smartphone, hardware token, or smart card).
- Something you are (e.g., biometric data like fingerprints, facial recognition, or voice recognition).
By combining these different factors, MFA significantly reduces the likelihood of unauthorized access, even if one factor (like a password) is compromised.
Why MFA Should Be Implemented:
- Enhanced Security: A password alone can be easily stolen, guessed, or hacked. With MFA, even if someone gets hold of your password, they would still need the second or third factor to access your account, making it much harder for attackers to succeed.
- Protection Against Phishing: If an attacker steals your password through a phishing attack, they still can't log into your account without the second factor (e.g., a one-time passcode sent to your phone). This adds an extra layer of defense.
- Mitigating Data Breaches: In case of a data breach where passwords are leaked, MFA can prevent unauthorized individuals from using those passwords to access sensitive systems or personal data.
- Compliance Requirements: Many industries (e.g., healthcare, finance) require MFA as part of regulatory compliance, such as HIPAA, PCI-DSS, or GDPR, to protect sensitive data and avoid costly penalties.
- Reduced Risk of Account Takeover: Many accounts are protected only by passwords, and if passwords are weak or reused across different sites, hackers can exploit this vulnerability. MFA adds another hurdle for attackers, significantly reducing the risk of account takeover.
- Peace of Mind: Knowing that even if your password is compromised, there are additional protections in place can provide greater confidence in the security of your data.
Implementing MFA is a simple and effective way to increase the security of your accounts, especially for critical applications like banking, email, and work-related systems.
Before enabling Multi-Factor Authentication (MFA) for a RoomKeyPMS Clerk, please ensure that the Clerk has access to a device capable of generating authentication codes. These codes are required as part of the MFA setup process.
Common applications that can generate the necessary authentication codes include:
- Google Authenticator
- Microsoft Authenticator
- Authy
- LastPass Authenticator
These apps are crucial for the MFA process, as they will generate the one-time authentication code needed to complete the setup and secure the Clerk's login.
To Enable Multi-Factor Authentication (MFA) for a Clerk in RoomKeyPMS:
In RoomKeyPMS, navigate to System Configuration => Clerks and proceed to select the Clerk for whom you want to enable MFA. Next:
- Select Modify
- Check the "Multi-factor authentication (MFA)" Active checkbox
- Select "OK" to save the changes
MFA is now successfully activated for the selected Clerk.
NOTE: If a Clerk is enabling MFA for themselves, RoomKeyPMS will restart after they select "OK" to save the changes. Upon logging back in, the Clerk will be prompted to set up MFA in their chosen Authenticator App, following the instructions provided below.
The next time the Clerk logs in, they will be prompted to set up MFA in their Authentication App by either scanning a QR Code or using the Manual Registration Code.

Once configured, the Clerk will select "Save" and will then be prompted to enter their 6-digit Authenticator App Code to sign into RoomKey.

If a Clerk selects 'Cancel' and does not complete their MFA setup by entering their Authentication Code to log in, the code will become invalid, and they will be prompted to register a new code the next time they sign in.
To reset a Clerk's MFA Code, go to System Configuration => Clerks and locate the Clerk in question. Next, select the "Reset MFA" button.
A warning will appear; select "OK" to confirm the MFA reset.

A message will appear to confirm that Multi-factor authentication was reset. The next time the Clerk logs in, they will be prompted once again to set up MFA in their Authentication App by either scanning a QR Code or using the Manual Registration Code. Previous Codes will no longer be valid.

NOTE: If a Clerk is resetting their own MFA, once reset is confirmed, RoomKeyPMS will restart. Upon logging back in, the Clerk will be prompted to set up a new MFA code in their chosen Authenticator App. Previous Codes will no longer be valid.
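How a registration code relates to the 6-digit codes, and why codes from an earlier registration stop working after a reset, shown as an added example that is not RoomKeyPMS code. It assumes the standard TOTP scheme used by the authenticator apps listed above (RFC 6238, HMAC-SHA-1, 30-second step), which this page does not confirm; the function names and the sample secret are constructed.

```python
import base64
import hashlib
import hmac
import secrets
import struct

def new_registration_code():
    """Fresh 160-bit secret, base32-encoded like a manual registration code."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")

def totp(registration_code, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA-1) for the given secret and time."""
    code = registration_code.replace(" ", "").upper()
    key = base64.b32decode(code + "=" * (-len(code) % 8))  # restore padding
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(registration_code, submitted, unix_time, window=1):
    """Accept the current 30-second step or one step either side (clock drift)."""
    return any(
        hmac.compare_digest(totp(registration_code, unix_time + d * 30), submitted)
        for d in range(-window, window + 1)
    )

# Constructed secret: the RFC 6238 test key "12345678901234567890" in base32.
RFC_TEST_CODE = base64.b32encode(b"12345678901234567890").decode("ascii")

if __name__ == "__main__":
    now = 1111111109  # fixed time so the output is reproducible
    code = totp(RFC_TEST_CODE, now)
    print("code from app:", code, "accepted:", verify(RFC_TEST_CODE, code, now))
    reset_secret = new_registration_code()  # a reset amounts to a new secret
    print("same code after reset accepted:", verify(reset_secret, code, now))
```

The code depends only on the shared secret and the clock, so replacing the secret on reset or re-activation makes every code from the old registration fail verification.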
To deactivate MFA for a Clerk, go to System Configuration => Clerks in RoomKeyPMS and follow the steps outlined below for the Clerk in question:
- Select Modify
- Uncheck the "Multi-factor authentication (MFA)" Active checkbox
- Select "OK" to save the changes
MFA has now been deactivated for the Clerk.
NOTE: Should the Clerk choose to reactivate MFA, they will be required to set up a new MFA code, as the previous one will no longer be valid.
Housekeeping Schedule is accessible via the Housekeeping Module for both MFA & non-MFA Clerks.
Multi-Factor Authentication (MFA) will not be required for the Housekeeping Scheduler when accessed via URL. This decision is based on the fact that the Housekeeping Scheduler module does not contain any sensitive or protected data that would necessitate the activation of MFA for access.
Profile Match & Merge is accessible via the Guest Profile Module for both MFA & non-MFA Clerks.
If a Clerk has MFA enabled, they will be required to enter their MFA Code when logging into BI Insight.
NOTE: MFA setup must be completed by logging into RoomKeyPMS prior to attempting to access BI Insight.
If a Clerk has MFA enabled, they will be required to enter their MFA Code when logging into Owner Accounting.
NOTE: MFA setup must be completed by logging into RoomKeyPMS prior to attempting to access OA.