Introducing Travel Sustainable

Our new way of recognising your sustainability efforts and championing them to travellers – for a better tomorrow.

Discover more

What is 2-factor authentication (2FA)?

Updated 6 days ago

2-factor authentication is an extra layer of security used to further protect your account by making sure that the person trying to gain access to your account is actually you. First, you enter your username and password. Then, instead of immediately gaining access, you are required to provide another piece of information. This additional credential check can come in a variety of ways.

As a partner, it comes in the form of a PIN (personal identification number) which is sent to your authenticated device. A good example of this is how bank cards typically work - The card alone is not sufficient to gain access to your funds despite it being in your possession - a PIN code is required as well.

How can my account still be compromised?

Authentication works in several ways - First, your username is an indicator that you have an account on Once this is checked, your password is then checked to match the username you have provided. Does it match? All good!

This is where 2FA comes in - You are sent an additional PIN code to your already authenticated device as an additional security layer since you hold very sensitive data (guest personal & payment details) in the Extranet.

2-factor authentication is as secure as you allow it to be - If you share your username & password, along with your 2FA PIN, this means anyone you provided this to will have access to your property, as well as guest details.

I think my account has been maliciously accessed. What can I do now?

If you believe that you may have inadvertently provided your login details & 2FA PIN to an unauthorised 3rd party, it is crucial that you notify immediately - your contract with requires you to notify an actual or suspected account take-over within 24 hours.

Good to remember:

  • will never ask you for your username, password, or 2-factor authentication (2FA) pin code for any reason.

  • If anybody - whether they claim to work for or at the property, is asking for your username, password, or 2FA PIN - please hang up and contact us via

  • Share this information with your staff and encourage them to take the same precautions - fraudsters prefer to call at night when support staff is minimal.

If you’re unsure, always contact us via the below link before taking any action:

Report a security issue

If you receive messages or phone calls asking you to make changes within your account (i.e. changing contact details, adding email addresses, confirming personal information, etc), always verify the request is coming from a legitimate source. If it supposedly came from, call us to verify with customer service. If the caller claims to be an employee of your property, call the colleague and verify the request.

I think my account has been taken over. What can I do now?

Follow these steps to secure your account:

  • Reset your account password. You can do so by typing into your browser, then clicking on ‘Forgot your password?’

  • Check all the information within your Extranet to see if anything was changed (contacts, rates, availability, content, etc.).

  • Report it! As you have information which is considered personal (and therefore sensitive), we ask that you contact immediately to let us know that your account may have been compromised. In order to help you and your guests as quickly as possible, your contract with requires you to notify an actual or suspected account take-over within 24 hours. You can do this by contacting our security team

Don’t forget to include any and all information that might be useful, such as who the caller or sender identified themselves as (original email with headers if via email) and what was discussed.

Is this article helpful?