What is two-factor authentication
A common measure to increase safety when logging in. It consists in two checks: the password and another one, which could involve sending a code to the user’s email, cell phone, etc.
Why have we added two-factor authentication to Mirai’s extranet
The extranet contains sensitive data such as the personal information of clients and payment details. All businesses, including hotels, suffer access attempts to obtain these data for fraudulent purposes. You have the most interest in making sure this doesn’t happen.
Is there any way to avoid the extra hassle it involves?
Sadly, there is no alternative available. As with other systems you use, safety comes first and that always requires a little bit of effort.
How will it work in the specific case of Mirai’s extranet?
We have decided to use EMAIL authentication, using the email address associated to each existing user. When trying to access the extranet, the system will send an email with an access code the user will have to indicate within 5 minutes of reception in order to access the extranet. If the time expires or the code is not copied properly, the system will cancel the access and the user will have to start over.
You choose what to do for each user: authenticate every time or remember user (up to three months)
To strike the right balance between maximum safety and comfort, you can choose whether to configure each user of the extranet in one of two ways:
- Authenticate every time that user tries to access the extranet
- Remember the user for three months as long as he/she does not change browser
When is it going to start?
On 15 June 2021.
What you have to do
- Inform the workers of your hotel/chain who use the extranet
- Take advantage to create different users. Do you use a single user for several people to access the extranet? Ideally, you should take advantage to create a different user for each person. That way it will be easier to control who accesses the extranet and does what. However, they will all need to have different email addresses. If so, ask your account manager to create as many users as you need. Remember, we can also configure certain users so that they will only be able to access certain parts of the extranet.
- Choose whether to authenticate every time or remember user. Tell us what you prefer for each user.
- Inform your account manager about the emails you want to associate to each user. If you do not do this, the system will automatically assign the email address through which you receive your bookings.
What will happen on 15 June if you don’t do anything
The extranet will ask for authentication and send an email with the access code to the email address through which you receive your bookings.
What will happen with the channel manager, who also accesses the extranet.
The channel manager will not be affected by this change. We know who they are, and they do not require authentication.
For your peace of mind…
The newly generated emails contain information about when and where an access was attempted. If you do not recognise said access attempt, it could be an unauthorised party, so be careful.
Contact your account manager if you have any questions.