1. Network security
  2. Multi-Factor Authentication (MFA)

Clock PMS+ has been designed with strong security measures in mind to prevent the unauthorized access to your critical data and operations.

Network security

Allows you to control from which networks the user can access Clock PMS+. The settings are located in 'Other' - 'Settings' - 'Network security'. Here you can enable or disable the following options:

  • Trusted Networks. Users in Clock PMS can be split into 2 groups - users with access the system from anywhere and those who can only access the system from a specified list of IP addresses and networks, e.g. your hotel network (more details can be found in the Users article). 
  • Blacklist Networks. Use this option for instant unconditional denial of access to your subscription from a certain IP address or network. The restriction affects all accounts in the subscriptionThis feature should be used with extreme caution to avoid restricting your own access. If this happens, the subscription owner can disable the “Blacklist Networks” rules through link 'I have lost my password' on the login screen.

Note: Please consult with your IT support which IPs are to be entered as trusted or blacklisted networks.

Multi-Factor Authentication (MFA)

The MFA principle is the following: to access your account, you'll need to combine what you know (username and password) and what you possess (smartphone and  the one-time password generated on it). Each 6-digit password from the application is active for 60 seconds.

To activate the MFA access for your user:

- Install Google Authenticator application on your smartphone (available for free in the AppStore and Google Play)

- Log in to the system.

- Select 'Other' - 'Settings' - 'Users'.

- Choose 'Activate MFA' from the upper part of the screen.

- Follow the instructions.

Removal of the MFA access:

In order to remove the MFA you need to have the 'Users: Create and Edit ' right granted.

It will allow you to access the list of users and select 'Remove MFA' from the drop-down menu next to the respective user.

Automatic User Locking

After 6 unsuccessful login attempts, the user account is automatically locked for a period of 30 minutes. A notification email is also sent with the following subject: "[CLOCK PMS SECURITY] Too many login errors detected. The user is locked" to the hotel email address.

If you happen to lock your account, you can contact a user with the 'Users: Create and Edit' right granted and ask the same to edit your user and click on the 'Unlock user' button.

Note: If you lock your user and try to log in before the 30 minutes are over the timer will reset and you will have to wait for another 30 minutes before the next attempt.