Logging in & account security
Updated on 2026-07-04
Your BedFlow account holds your entire booking administration — you'd better protect it with more than just a password. BedFlow supports three ways to log in, from classic to passwordless.

Logging in with Google
On the login screen you'll find the Log in with Google button. If you use a Google account (Gmail or Google Workspace) with the same email address as your BedFlow account, you log in without a password. When creating a trial account you can also choose Continue with Google right away — your email address is then verified automatically.
Nothing is changed on your Google account; BedFlow only requests your name and email address to recognize you.
Passkeys — logging in without a password
A passkey is the safest and fastest way to log in: you unlock with your fingerprint, face or device PIN, and there is no password that can be stolen or guessed. Passkeys work with Face ID/Touch ID (Apple), Windows Hello, Android and all common password managers.
Here's how to set one up:
- Log in and click your profile in the top right
- Go to the Passkeys section and click Add passkey
- Your device asks for a confirmation (fingerprint, face or PIN) — done
- On your next login, choose Log in with passkey and confirm the same way
You can register multiple passkeys (e.g. your laptop and your phone). If you lose a device, simply delete the corresponding passkey from your profile.
Two-step verification (2FA)
Want an extra lock on top of your password? Enable two-step verification in your profile: you link an authenticator app (Google Authenticator, 1Password, Bitwarden, …) and from then on confirm every login with a 6-digit code. Store the recovery codes somewhere safe — they get you back in if you lose your phone.
Recommended order
- Add a passkey — safest and the least hassle
- No passkey-capable device? Enable two-step verification
- In any case, use a unique, long password (or log in via Google and skip the password altogether)
Tip for teams: give every staff member their own user (see Users) instead of one shared password. That way you can revoke access per person and the logs show who did what.