2FA authentication on the device rather than the sign-on
2FA does not authenticate the device but rather the sign-on. Can this be applied as device authentication rather than sign-on, as it impedes operations? Feature request to have more flexible ways around using the 2FA, a fob to log in at the desk for example.
Hello from the Mews product team. Thank you for your suggestion, we have updated your request and set it as one to be upvoted by the Mews Community. Remember you can share a link to your request so that your colleagues can also upvote your suggestion.
Jean-Philipp SPIESS commented
Hello! 2FA could be improved to make it less annoying. See thread at https://community.mews.com/mews-updates-38/mandatory-two-factor-authentication-is-coming-to-mews-here-s-why-it-matters-1217
Especially:
1. Automatic session locking is not generally solved yet (see following thread):
   CharlieDelamare, "Enhancing user security with Auto-lock Chrome Extension Tutorial"
2. Make 2FA less annoying:
   - Sessions could/should remain active for a prolonged time (couple of days), if ...
     * automatic session lock (with pin code) would be possible across all devices, independent of browser extensions/scripts (see 1)
     * login happened from a white-listed IP range (IP range of hotel/office)
   - Make it possible and easy to register more than one TOTP authentication device to an account, so that users can have a backup device
   - Provide an option in the marketplace to order packages of hardware TOTP tokens for hotels that cannot or don't want to use employees' private devices with 2FA apps
3. Allow Passkeys in addition to 2FA, so that one can authenticate either with a passkey + pin OR Username/PW+TOTP, depending on where you are - that way reception/on-site staff could easily log in with pin from authenticated devices (where passkeys are stored), or with TOTP 2FA from off-site networks
4. Provide the option to restrict login to property-specific white-listed IP ranges, OR IP locations (GeoIP based) (for example a hotel in Europe will not need logins from Asian IPs)

I hope I could provide a few ideas. I think there are really many things that need to be improved, but need careful consideration and planning. I think the current rush to enforce TOTP 2FA is not planned well enough - I guess that many properties will struggle with that and internal IT support teams will get some load from users having troubles setting up their 2FA App, resetting it when lost/new phone, etc… good luck with that ;-)
In summary, the things that most annoy me at the moment are: daily 2FA reauthentication, no default auto-locking of sessions with pin code, and the fact that it is not straightforward and easy to register a second backup 2FA device/app. If a hotel has a larger user base, there are probably a few more things with mass user management issues - but since we are a small place, someone else needs to address those ;-)