Logging in & account security

Updated on 2026-07-04

Logging in & account security

Your BedFlow account holds your entire booking administration — you'd better protect it with more than just a password. BedFlow supports three ways to log in, from classic to passwordless.

The BedFlow login screen

Logging in with Google

On the login screen you'll find the Log in with Google button. If you use a Google account (Gmail or Google Workspace) with the same email address as your BedFlow account, you log in without a password. When creating a trial account you can also choose Continue with Google right away — your email address is then verified automatically.

Nothing is changed on your Google account; BedFlow only requests your name and email address to recognize you.

Passkeys — logging in without a password

A passkey is the safest and fastest way to log in: you unlock with your fingerprint, face or device PIN, and there is no password that can be stolen or guessed. Passkeys work with Face ID/Touch ID (Apple), Windows Hello, Android and all common password managers.

Here's how to set one up:

  1. Log in and click your profile in the top right
  2. Go to the Passkeys section and click Add passkey
  3. Your device asks for a confirmation (fingerprint, face or PIN) — done
  4. On your next login, choose Log in with passkey and confirm the same way

You can register multiple passkeys (e.g. your laptop and your phone). If you lose a device, simply delete the corresponding passkey from your profile.

Two-step verification (2FA)

Want an extra lock on top of your password? Enable two-step verification in your profile: you link an authenticator app (Google Authenticator, 1Password, Bitwarden, …) and from then on confirm every login with a 6-digit code. Store the recovery codes somewhere safe — they get you back in if you lose your phone.

Recommended order

  1. Add a passkey — safest and the least hassle
  2. No passkey-capable device? Enable two-step verification
  3. In any case, use a unique, long password (or log in via Google and skip the password altogether)

Tip for teams: give every staff member their own user (see Users) instead of one shared password. That way you can revoke access per person and the logs show who did what.