Two-Factor Authentication in Checkfront

by Mia Steinberg

google-tfa

Two-factor authentication is an increasingly popular method of protection against password phishing and identity theft, and it’s particularly important for those who conduct transactions online. If a malicious user got ahold of your password and logged into your account, they would have access to a lot of vital data and commerce details that could seriously compromise your online identity. Two-factor authentication, abbreviated as 2FA, adds an extra layer of protection to the typical username/password combination, so that even if someone does get hold of your password they won’t be able to log into your account.

The basic principle of 2FA is to require a user to have multiple credentials in order to log into an account. In general, there are three types of credentials:

  • Something you know, such as a password or PIN
  • Something you have, such as a cell phone or ATM card
  • Something you are, such as a fingerprint or voice ID

The idea behind two-factor authentication is that while a thief may get their hands on one of your credentials, it’s highly unlikely that they will get access to both. If they crack your password, they probably do not have access to your mobile phone; similarly, if someone steals your debit card, it’s unlikely that they will know the PIN. Two-factor authentication is not completely invulnerable to attacks, but it is more secure than the old username/password combination. One common type of two-factor authentication uses your password and your cell phone. When you log into an account from a new computer or device, you will be sent a numeric code via text message. You must enter the code in order to access your account.

As of Checkfront v3.4, we are making two-factor authentication an option for all logins. With 2FA enabled, you’ll sign into your Checkfront account as normal with your username and password; however, you’ll then be asked to input a six-digit code that will be either sent to your phone via text (carrier rates may apply) or accessible via the Google Authenticator app. These codes are randomly generated and different every time you sign in.

If you consistently log into Checkfront from certain computers, you can set your account to remember those devices; it will still require codes when your account is accessed from an unrecognized device. If you receive a text message but have not signed into a new device, change your password immediately.

Setting Up

Screen Shot 2015-05-21 at 3.15.38 PM

In order to activate two-step verification, follow these steps:

1: On your Checkfront dashboard, click on your name in the upper-right corner and go to Profile

2: Click on the ‘Setup your Two-Factor Authentication’ link

3a: If you have previously entered your phone number into your Checkfront profile, click “Text code to (phone number)”

3b: If you have NOT entered your number into your profile or you do not wish to have a code texted to you, download the Google Authenticator app on your phone from Google Play (Android) or the App Store (Apple), as instructed, and scan the presented QR code with the app; you will be presented with a numeric code.*

4: Enter the code into the box labeled ‘Code’

5: Hit “Submit”

*We recommend that you add your phone number to your Checkfront profile to serve as a backup in case you lose your phone. If you enter your number into your profile, please click on the ‘Update’ button before attempting to set up two-factor authentication.

Note: this feature is currently in beta, so please contact our Support team with any questions, issues, or bugs you may encounter.

Smart Simplified Online Bookings

Attract more customers with online bookings and make reservation, payment and customer management a breeze.