We take the security of your Harmony account and data seriously.
Statistically, your biggest security risk comes from poorly protected passwords (including sharing passwords, and using the same password across multiple sites), and shared user accounts.
You should never allow two different people to share one user account. In Harmony, you can have as many user accounts as you wish, each with their own security and authorization profile. Assign a user account to each person in your company who will access Harmony. Set them up with the level of access they’ll need to do their job. Then be sure to suspend their account immediately when they move on (or you move them on).
Occasionally you may want to check in on your users, to see who is logging in when and from where, just to confirm that nobody is accessing your account that shouldn’t be. From Settings → Users & Agents → User/Agent Login & Device History. The login history shows you each login, who it was, and where it happened. The device history shows you the same information, but once per logged in device. If you ever see a login from somewhere that you don’t have a user, that’s cause for further investigation – someone may have given away their password.
There’s another level of protection that’s wise to enable – MFA. This stands for Multi-Factor Authentication, which requires a user to authenticate a login using more than one factor. For Harmony, this is a valid username / password combination, plus a valid temporary one-time-use token code that can be sent to the user’s phone or email. You can force MFA to be enabled on all user accounts (from Settings → My Account → Preferences → Password Policy), or enable it individually for each user. You can also set MFA as required only for the first time a user logs into a device; after a successful login with MFA, their computer or tablet becomes a trusted device and does not require MFA for subsequent logins.
Other areas of Harmony evidence our strong commitment to security. Double-encrypted Taxpayer Identification Numbers (like SSNs and EINs) are one such example. When a field is double-encrypted, it cannot be viewed or printed unless a user with a sufficient authorization level unlocks it individually.
We’re committed to keeping you as safe as possible, and enjoy being one of the most trusted solutions in property management, with more user-years free from compromise than any other solution available.