Clock PMS+ has been designed with strong security measures in mind to prevent the unauthorized access to your critical data and operations.
Network security
Allows you to control from which networks the user can access Clock PMS+. The settings are located in menu Settings->All Settings->Users->Network security. Here you can enable or disable the following options:
- Trusted Networks. Users in Clock PMS+ can be split into 2 groups - users with access to the system from anywhere and those who can access the system from a specified list of IP addresses and networks, e.g. your hotel network (more details can found in the Users article).
- Blacklist Networks. Use this option for instant unconditional denial of access to your subscription from a certain IP address or network. The restriction affects all accounts in the subscription. This feature should be used with extreme caution to avoid restricting your own access. If this happens, the subscription owner can disable the 'Blacklist networks' rules though the 'I have lost my password' link on the login screen.
Multi-Factor Authentication (MFA)
The MFA principle is the following: to access your account, you'll need to combine what you know (username and password) and what you possess (smartphone and the one-time password generated on it). Each 6-digit password from the application is active for 60 seconds.
The features that will require you to have enabled MFA for your user are as follows:
- Full access to credit card details. The use of tokenized cards does not fall in this category. The review of the full credit card number and the CVV code, however, will require you to have enabled MFA for your user.
- Creation and edit of users and user groups.
- Settings of payment providers.
- Change of the account owner's email and the email of the hotel.
To activate the MFA access for your user:
- Install a two-factor authentication application:
- The Google Authenticator application on your smartphone (available for free from the AppStore and Google Play);
- A Google Chrome extension / a similar extension for other browsers;
- An application on your computer like Authy (available for Linux, macOS, and Windows);
- Log in to the system with the user for which the MFA is to be activated
- Go to the Navigation menu -> Settings->My User
- Chose the MFA from the sidebar.
Follow the instructions (the QR code might take up to 1 minute to load):
- Open the 'Google Authenticator' App on your smartphone;
- Add a new account to 'Google Authenticator' by selecting the '+' icon;
- Select 'Scan a QR code' and point your camera at the QR code;
- Upon scanning the code, you will have the account added to the 'Google Authenticator' app on your smartphone;
- Enter the 6-digit code from the app into Clock PMS+ and confirm through the "ActivateMFA" (3) button.
Important: Time synchronization is crucial for Multi-Factor Authentication (MFA) apps like Google Authenticator because these apps generate time-based one-time passwords (TOTPs). These passwords are only valid for a short period, typically 30/60 seconds. If the time on the user's device is not in sync with the server's time, the generated TOTP might be incorrect, leading to authentication failures and potential access issues
Removal of the MFA access
In order to remove the MFA you need to have the 'Users: Create and Edit' right granted and an active MFA.
It will allow you to access the list of the users to access the edit screen of the specific user and deactivate the MFA.
Automatic User Locking
After 6 unsuccessful login attempts, the user account is automatically locked for a period of 30 minutes. A notification email is also sent with the following subject: "[CLOCK PMS SECURITY] Too many login errors detected. The user is locked" to the email of the subscription owner. You can set an additional emails to receive these notifications:
- Go to the Navigation menu -> Settings->All Settings->Users->Administrators email addresses;
- Enter the emails separating them through a comma and save.
If you happen to lock your account, you can contact a user with the 'Users: Create and Edit' right granted and ask the same to edit your user and click on the 'Unlock user' button.