Deutsch
English
Español
Français
NederlandsIn Mews Operations, you can configure security settings to protect user accounts and your property data. To help prevent unauthorized access and data use, ensure that all users follow security best practices. Following all security measures also helps you comply with data privacy laws and standards during audits. Set up security settings correctly to help protect against unauthorized access to:
- User account information, for example, employee data.
- Sensitive property and financial data.
- Guest data.
To ensure maximum security of your user accounts, Mews:
- Enforces two-factor authentication (2FA) as mandatory, or lets you use Single Sign-On (SSO) across your property account. You can learn more about 2FA below.
- Requires you to verify your identity to re-authorize your Mews account each time you:
- Add a new user
- Download a report containing sensitive information, for example, the Reservation report
- Access areas of the system which contain sensitive data. You can learn more about re-authorizing your account and verifying your identity here.
Note:
- Your Mews user account password needs to consist of 12 characters and include symbols or special characters. You can learn more here.
- The Mews login, reset password, and 2FA login screens automatically adjust to match your browser’s language settings. If your browser language is other than the 5 core languages of Dutch, English, French, German, or Spanish, the screen defaults to English.
- You might hear the 2FA link via email referred to as a “magic link”. It is a validation link the system sends via email as a second step of the two-factor authentication.
In this article you can learn about the following:
Account security options in Mews Operations
You can check your security level and apply available security features in the Security screen in Mews Operations. Review your current protection status and follow tips to increase your account security.
To do so:
- In Mews Operations, go to the main menu
> Settings > Property > Security.
Security overview
Under Security overview, Mews displays the following information:
- Security level: The overall security level of your property. The levels are:
- Low:
- Over 30% of property users with admin access, OR
- No security features are activate, for example, 2FA, passkeys, device authorization, SSO.
- Medium:
- Fewer than 30% of property users with admin access, AND either:
- At least one security feature is active, for example, 2FA, passkeys, device authorization, SSO.
- OR more than 60% of users have passkeys AND 2FA is active
- Fewer than 30% of property users with admin access, AND either:
- High:
- Fewer than 20% of property users with admin access, AND either
- SSO enforced for all domains
- OR 2FA and device authorization are active
- OR more than 80% of users have passkeys and 2FA is active
- Fewer than 20% of property users with admin access, AND either
- Very high:
- Fewer than 10% of property users with admin access, AND either
- SSO enforced for all domains
- OR 2FA and device authorization activated with no exceptions
- OR more than 90% of users have passkeys AND 2FA is active with no exceptions
- Fewer than 10% of property users with admin access, AND either
- Low:
- User accounts secured: The percentage of user accounts secured when you activate 2FA or trusted device authorization
- Users logged in with passkeys: The percentage of users logging in with passkeys
- Property users with admin access: The number of property users with admin access privileges
- Security features activated: The number of security features active. Note: Mews counts only features available to configure
- Tips to raise the security level: Steps to improve your property’s security
Security features
You can apply available security features in the Security settings screen.
You can set up to protect your own user account:
- Passkeys: Passkeys are a secure and easy way to log into your Mews account without relying on email or two-factor authentication. You create a passkey once and use it to access your account from devices like your phone, browser window, or tablet. Learn more in the help article how to create passkeys for your Mews account.
To protect Mews user accounts, and promote maximum security, the system enforces two-factor authentication (2FA) as mandatory for all Mews accounts:
- Enforced two-factor authentication (2FA): Two-factor authentication (2FA) in Mews means signing into your Mews account in two steps; first with your login password and then authenticating your account by clicking a link via email, or an entering an authentication code generated by an authenticator app. You can learn more about 2FA below.
Your system admin can set up the following security measures in Mews Operations:
- Trusted Device Authorization: This feature enhances account security by ensuring only approved devices can access a particular Mews account. You can learn more below, and in the help article about Trusted Device Authorization.
- Identity Access Management: A product to help securely manage your users, and their roles, permissions, access rights and more. You can learn more below and in the help article Understanding Identity Access Management for Mews. It includes:
- System for Cross-Domain Identity Management (SCIM): A tool that helps automatically manage user information across your different systems. You can learn more in the help article How to purchase System for Cross-Domain Identity Management (SCIM) for Mews..
- Single Sign-On (SSO): Single Sign-On or SSO is a user authentication service that lets you use one set of login credentials to access multiple applications. You can learn more in the help article How to set up Single sign-on or SSO in Mews Operations.
Note: Only user accounts with Admin permissions have access to your properties' security options.
Passkeys
Passkeys are a secure and easy way to log into your Mews account without relying on email or two-factor authentication. You create a passkey once and use it to access your account from devices like your phone, browser window, or tablet. Learn more in the help article how to create passkeys for your Mews account.
Two-factor authentication (2FA)
Two-factor Authentication (2FA) verifies user identity and controls access to Mews Operations. It requires two forms of authentication to access resources and data. 2FA means users sign into their Mews account in two steps:
- Their username and password
- A second authentication method:
- A link via email, or
- A one-time 6-digit authentication code generated using an authenticator app, for example, Google Authenticator, iCloud Keychain, or Microsoft Authenticator.
This is to add an extra layer of security to your Mews property account. Mews recommends activating 2FA via email and following all recommended security best practices.
To ensure maximum security of your Mews user accounts, the system enforces two-factor authentication as mandatory for Mews accounts. User accounts are more secure when users sign in using both a password and secure email link, or authentication code.
Even if the password is compromised, the system blocks access without email verification, or a one-time 6-digit authentication code.
For specific roles where two-factor authentication is not possible, you can create a 2FA exception list. You can learn more here.
You can learn more about the 2FA login journey in Mews here.
Trusted Device Authorization
Note: Properties that enforce Single Sign-On (SSO) do not require device authorization.
This feature enhances account security by ensuring that only approved devices can access a particular Mews account. You can authorize multiple devices as trusted when logging in to Mews. Enable this feature when you first access Mews from a new device or location, using the link shared with you via email to approve each device securely.
You can manage your trusted devices via your account settings and remove them to remotely log out of a device. You can learn more Trusted Device Authorization here.
Identity Access Management is a product you can purchase for your Mews account, that helps you securely manage your users, roles, permissions, access rights and more. It helps increase security on your Mews property or portfolio account, and that of your users.
It includes:
- System for Cross-Domain Identity Management (SCIM): A tool that helps automatically manage user information across your different systems, making it easier to add, update, and remove users in Mews. You can learn more in the help article How to purchase System for Cross-Domain Identity Management (SCIM) for Mews.
- Single Sign-On (SSO): Single Sign-On or SSO is a user authentication service that lets you use one set of login credentials, for example, a username and password, to access multiple applications. You can learn more in the help article How to set up Single sign-on or SSO in Mews Operations.