Over the past few months, Cloudbeds has made it our mission to strengthen your account security in order to safeguard your data and that of your customers. The Zephyr update includes a number of tighter security features to keep your information safe.
General security updates
All credit card details will be removed 30 days after a cancellation or no-show
There is now a 30-day grace period for charging guests fees for cancellations or no-shows. After this time period, the guests’ credit card details will be removed.
New auto log out settings
Property owners can now automatically log out staff members after a specified amount of time of inactivity on the platform.
Password reset link to expire after 15 minutes
The link sent to a user when an account or credit card password reset is requested will expire after 15 minutes.
Two-Factor Authentication (2FA)
2FA required for managerial override to view credit card details
Managers must enter their viewing credentials when a staff member doesn’t have permission to view credit card details. To ensure these credit card details are only viewed on a trusted computer, we will now require that the manager also enters a 2FA verification code. This will make the device trusted for 30 days.
Use of emergency code at login will require re-verification
When a user logs in with their emergency code, we will redirect the user to their profile to verify their new phone number or device, or to re-verify their old one.
Button to generate new 2FA emergency code
If a user forgets to write down their emergency code or otherwise loses it, we’ve added a button to the User Profile that generates a new emergency code.