The security of your organization's data, as well as that of your guests, is our top priority. We are continuously working to secure our systems, but your own vigilance is a crucial link in this process.
General data security tips
Booking Experts advises you to use SSO, with logins restricted to your company domain. Logging in via SSO is preferred because it is both easy and secure.
If the use of SSO is not possible, you should use strong and unique passwords for all BEX PMS accounts. Choose passwords that are difficult to guess, with a combination of uppercase and lowercase letters, numbers, and symbols. Also, use different passwords for different websites and applications. The use of a password manager can be very useful for this.
The use of two-factor authentication (2FA, also known as MFA) will be mandatory from 1 December 2025 for all accounts that do not use SSO. When logging in, you will need an extra, automatically generated code in addition to your password. We ask you to set this up now via your account settings to prevent login problems after this date and to be extra secure as soon as possible.
Do not work with shared accounts in BEX PMS; give every employee their own account with their personal email address. It is also highly recommended not to leave shared computers (e.g., at receptions) logged in for different employees. Once two-factor authentication is mandatory, a shared account will cause issues because an external device is needed to generate the security code.
Ensure that computers and smartphones used to log in to BEX PMS are always equipped with the latest software updates and have a good virus scanner.
Safe login with SSO
SSO stands for Single Sign-On, which is the practice of logging in to one account using the credentials of another, verified and safe account. The two SSO providers that Booking Experts accepts are Google and Microsoft. This means that if your organization uses Google or Microsoft accounts for access to workspaces, you can use them to log in to BEX PMS and BEX CMS. If you use SSO, the 2FA requirement no longer applies because the second layer of security is managed by the SSO provider.
In the organization settings, it is possible to make SSO with one of these SSO providers mandatory for all employees. The requirement is that they use email addresses of a domain that the organization owns. Read more: Settings for employee accounts
Safe login with 2FA
All accounts that do not use SSO will have to use 2FA as a second, crucial layer of security.
2FA is also known as MFA, multi-factor authentication. Adding an extra step to your login process can feel inconvenient, but it protects you, your colleagues, and the valuable personal and financial data you handle every day.
With 2FA you use your phone and/or an authenticator app to generate a temporary code that you need to enter in addition to your password.
2FA makes it far harder for unauthorized individuals to access your account, even if they somehow discover your password. Use it to prevent data leaks and breaches of data protection laws such as the GDPR.
Even though it is possible to receive the temporary access code by SMS, it is highly recommended to use an authenticator app.
Authenticator apps, such as Google Authenticator, Microsoft Authenticator, or Authy, generate time-sensitive codes that are not vulnerable to phone number hijacking.
Keep recovery codes safe
When you set up 2FA, you will be given a set of backup or recovery codes. Store these codes securely and privately (offline). These are the keys to your account if you lose your phone or access to your authenticator app.
Phishing
In a phishing attack, criminals send emails or messages that try to look legitimate and trustworthy, asking the recipient to click on a link and log in, or to enter sensitive information in some other way.
Therefore, always check incoming emails and messages carefully. Check whether the sender's email address is exactly as it should be. A link can be checked by hovering over it with the mouse (without clicking!) to see if the web address is trustworthy. When in doubt, never click on a link.
Passwords are always strictly personal. Employees of Booking Experts will never ask you or your employees for a password. Not via email, not via the phone, and not via a chat message. If your organization receives a request to share or change a password (or email address), even if the message looks trustworthy, do not respond to it.