Two-Step Verification for Staff Accounts
Introducing a new layer of security for you and your staff as you log in to Momence. Please read to understand why and how to get set up!
Two-step verification for staff:
Starting today, any staff account that has access to your host dashboard will be asked to set up two-step verification if they have any of the following permissions:
Access to the billing section of your dashboard.
Access to the inbox and can send outgoing messages to customers.
Access to the staff management section of your dashboard and can manage staff members and their roles.
Note: Your customers will not be asked to set up two-step verification.
Why two-step verification?
Over the past few days, several staff users had their accounts compromised due to the fact that they were using the same password on their Momence login as on other platforms that had a security breach. To clarify, Momence itself did not have a breach. However, specific staff members had their passwords stolen from other platforms and since those passwords were re-used on Momence, attackers gained access to their Momence accounts. The result of this malicious behavior has caused outages in our SMS functionality for a subset of our hosts.
In order to protect all staff accounts on Momence with access to sensitive permissions, we are now implementing two-step verification. Setting up two-step verification will be optional until November 15th, 2024, after which it will be required. We highly recommend you set it up as soon as possible.
How do I set up two-step verification?
You will be asked to set up two-step verification when you log into your Momence account. We recommend that you download the Google Authenticator app onto your phone and scan the QR code that shows up on the screen. Once you set up your two-step verification, you will use the Authenticator app on your phone when asked for a code while logging into Momence in the future.
What if some staff accounts are shared across staff?
If your staff account login is shared across your staff members, for example at the front desk, you will continue being able to do so if you remove the permissions listed at the top of this message from the roles of those staff accounts. You can do this under Settings > Staff accounts or Settings > Roles in your host dashboard. Staff accounts without these permissions will be able to log into the dashboard without the need for two-step verification.
We understand that this will require some change in habits for you and your staff members. Our priority lies is ensuring the security of our entire community of hosts and the Momence platform, and we appreciate your cooperation and understanding. If you have any questions, please email support@momence.com and we’ll make sure to help you out!
💜,
The Momence Team