Strengthen your account by using two-factor authentication (2FA) and other security measures. Learn how to set up 2FA and explore additional ways to protect your account from unauthorized access.
Read about:
Use the 2FA authentification
The Two-Factor Authentication (2FA) is an additional security step designed to safeguard your account.
Two-Factor Authentication (2FA) on Lodgify requires dual verification by sending a unique code via SMS or via an authenticator application. Upon receiving the code, simply enter it where prompted on Lodgify.
This extra layer of security measure helps mitigate the risk of unauthorized access and potential data breaches.
In Lodgify, you can choose to set up Two-Factor Authentication (2FA) to protect your login and/or the following critical actions:
- Changing your email address,
- Changing your password,
- Changing your username,
- Modifying a payment setting,
- Updating your 2FA phone number.
Before you begin, make sure you have a mobile device that can receive SMS texts and is linked to a valid phone number for verification codes. If your account is not associated with a phone number with these capacities, you may be unable to access certain sections of your account.
💡 Note: The phone number you use for 2FA can be different from the primary phone number saved on your Profile page.
Activate the 2FA authentification
To activate the 2FA authentification on your account, follow these steps:
- Go to your Account Menu in the bottom left corner and select Security.
-
Then, click Activate to protect critical actions, and toggle on the 2-step verification at login to secure the login process:
- A new tab will open for the phone verification process.
- Enter your phone number and click Send Code.
- Input the code received via SMS.
Your phone number is now registered, and two-factor authentications are active on your account.
💡 Notes:
- Currently, two-factor authentications can only be activated via the desktop version.
- Once enabled, the SMS 2-step verification cannot be deactivated (the 2-step verification at login can be deactivated)
Then, when you log in and / or try to access a section of the Lodgify app that requires two-factor authentication, a one-time passcode will be sent to the phone number associated with your account. Please enter this code to confirm your identity.
If you cannot receive the one-time passcode because you don't have access to any of the phone numbers linked to your account, please reach out to us for assistance. We recommend calling us from the primary or secondary phone number listed in your Lodgify account.
Use an authenticator app for 2FA
Once you have confirmed your phone number using the SMS option, you can also add an extra 2FA verification method via a standard authenticator app (like Google Authenticator, Microsoft Authenticator, Authy, etc).
To activate this additional option, make sure you have an authenticator app installed on your mobile device, then follow these steps:
- Go to your Account Menu in the bottom left corner and select Security.
- In the 2FA Section, activate the Authenticator App by clicking Activate.
-
A secure slide-out window will appear, displaying a unique QR code.
Open your authenticator app on your phone and scan the QR code. The app will automatically register your account. -
The authenticator app will generate a six-digit code.
Enter this one-time code into the field provided on the Lodgify website pop-up to complete and confirm the activation.
You can now use this 2FA method in the future.
To deactivate 2FA via an authenticator app:
- Go to your Account Menu in the bottom left corner and select Security.
- In the 2FA Section, click the toggle next to Authenticator app to deactivate this option.
- A modal will appear, click Deactivate to confirm.
Update your 2FA phone number
Once your 2FA verification has been set, you can always edit the configuration:
- Go to your Account Menu in the bottom left corner and select Security.
- Then, click Edit.
- A new tab will open for the “Verify Phone” process.
- Enter the new phone number and click Send Code.
- Input the code received via SMS.
Suspicious login
If we identify any unusual login behavior that deviates from your typical activity, like access from an unfamiliar device, browser, IP address, or location, you will receive an email alert in English, similar to the following one:
If it was you who logged in, there is no need for further action.
However, if it wasn’t you, we strongly advise you to change your password immediately.
Additional ways to protect your account
Your Lodgify account holds critical guest information, including personal details, making it a potential target for fraudsters. If unauthorized access occurs, you might observe the following indicators:
- New user profiles or unfamiliar phone numbers added for two-factor authentication (2FA).
- Guests notifying you about unexpected payment requests that did not originate from you, or outgoing emails that were not written by you.
- Unrecognized alterations to your property information, such as unlisted rentals or unknown sub-owners being added.
To protect your account from unauthorized access, consider the following recommendations:
- Recognize and protect yourself from phishing scams
- Always log in through the official Lodgify login page.
- Create a strong password: Use a password that is at least ten characters long, combining uppercase and lowercase letters, numbers, and special characters. Avoid easily guessable details like your name or birthday.
- Avoid password reuse: Using the same password across different platforms increases your risk. If one of those sites is compromised, attackers may try to access your Lodgify account with those credentials. Be vigilant with incoming messages: Look out for unusual or urgent requests, misspellings, poor grammar, or sudden process changes. Exercise caution with shortened links; if you see one, do not click on it.
- Establish individual access accounts: Avoid sharing your login credentials among partners. Ensure that each user has their own access and enable two-factor authentication (2FA) for all work-related applications, including email.