Cyber threats such as phishing and hacking present significant risks to the hospitality industry, given the sensitive guest data you manage. If an unauthorised user gains access to your account, they could misuse tools like your email to impersonate you and request fraudulent payments from your guests.
To address these risks, we’ve implemented Two-Factor Authentication (2FA) as part of our login process. This added layer of security is a standard practice across hospitality platforms. Starting 13th January 2025, 2FA will become a mandatory step for all SabeeApp users when logging in.
What is Two-Factor Authentication?
Two-Factor Authentication (2FA) is an additional layer of security used to protect online accounts. Instead of relying solely on a password, 2FA requires a second verification step, typically a unique code generated on your smartphone, tablet, or another trusted device.
The code used in Two-Factor Authentication (2FA) is a temporary, one-time passcode (OTP) generated by your authentication app. This code adds an extra layer of security by verifying that the person attempting to log in has access to a specific, trusted device.
Why Do We Need 2FA?
- Enhanced Security: The 2FA code ensures that even if someone steals your password, they cannot access your account without also having access to your trusted device. This makes it a powerful defense against unauthorised access and cyber threats.
By activating 2FA, you ensure that your accounts are protected with a robust, industry-standard security measure.
How Does the Code Keep SabeeApp Accounts Secure?
- Generated Securely: The codes are generated based on a shared secret key between your SabeeApp account and the authentication app, combined with the current time. This method ensures the code is unique and difficult to guess.
- Device-Specific: The code can only be generated by a device that has been set up with your SabeeApp account, like your smartphone or tablet. Without access to this trusted device, unauthorised users cannot generate the required code.
- Platform-Independent: The code works independently of the internet. Once the authentication app is set up, the codes can be generated offline, ensuring reliability even without a network connection.
- Time-Limited: The OTP (one-time passcode) is typically valid for a short period, usually 30–60 seconds. After this, the code expires, and a new one is generated. This ensures that even if someone intercepts the code, they can't reuse it later.