Beefing Up Security

by Joel Oliveira
Feb 8, 17


We've introduced several security features in our first big release of the year that will keep the bad guys away and bring peace of mind to your organization.

Note that these features must be activated before they add any extra security to your account and apps.

Two Step Verification

Two step verification (also called two factor authentication) is based on the principle of authenticating yourself with 2 things: something you know (a password) and something you have (a token). We start by introducing TOTP (Time-based One Time Password) using the Google Authenticator app. For this to be activated, you must own a smartphone running iOS or Android on which you can install the Google Authenticator app (download it from the App Store or Google Play). Once you have installed this app on your personal device, you can follow the instructions we provide to activate this new feature.

Once it's activated, whenever you sign in with your account credentials, an extra 6-digit code is requested. This code can only be generated by this app, and because it is time-based and keeps changing, it is virtually impossible for someone else to break this extra layer of authentication. This also means that you can no longer share account passwords with another person, since they will not be able to enter that code, but as a good security measure, you should have never shared passwords in the first place. In fact, there is no need to do this with your Notificare account, since you can share apps with as many accounts as you want. Each of these accounts will set up its own two step verification layer.
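How a time-based 6-digit code is derived and checked, as an added example that is not Notificare's code: it follows RFC 6238 with the defaults Google Authenticator uses (HMAC-SHA1, 30-second step). The one-step drift window and the sample secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds per code (RFC 6238 default)
DIGITS = 6     # the 6-digit code requested at sign-in


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, now: float, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(key, int(now) // step)


def verify(key: bytes, submitted: str, now: float, window: int = 1) -> bool:
    """Accept the code for the current step or `window` steps either side
    (window=1 is an assumed tolerance for clock drift on the phone)."""
    current = int(now) // STEP
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        # compare_digest avoids leaking matching digits through timing
        ok |= hmac.compare_digest(hotp(key, counter).encode(), submitted.encode())
    return ok


def decode_secret(b32: str) -> bytes:
    """Authenticator apps receive the shared key as base32 text."""
    cleaned = b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


if __name__ == "__main__":
    # Constructed sample secret: the RFC 6238 test key, base32-encoded.
    key = decode_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print(totp(key, time.time()))
```

The server and the phone share only the secret and a clock, which is why a code captured once stops being accepted after the window passes.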

More 2FA methods are in development: we are currently preparing support for U2F (Universal 2nd Factor Authentication), which allows you to use one of the many U2F solutions available on the market. With this method, a two step verification code is automatically generated and sent to the browser when you click a button on a USB device that you plug into your computer.

We are also exploring the possibility of generating these codes and sending them through SMS (Short Message Service) so we can also support 2FA for any kind of mobile device.

IP Whitelist

We've also launched an important feature that will keep your apps safe from unwanted usage. In this release we've added filtering functionality to make sure that the Application Master Secret (which gives access to everything in your app) can only be used from specific locations.

As the app owner you can edit this list for each account you've shared an app with. Additionally, you can allow these accounts to edit this list themselves, making it easy to protect your app while at the same time allowing your development team to edit anything if they need to.

Audit Log

Another very important feature (this one is active by default) is the Audit Log, which lets you verify what has been used in your account and how. Starting with this release, our systems allow you to see everything that has been done during an authenticated session.

We are recording all the operations that eventually access or change data in an account. These can then be reviewed by you, which might be a good way of spotting mistakes or unwanted access to your account.

Ready to start using it?

As we mentioned at the beginning of this post, some of these features require activation, and we strongly advise you and all your team members to follow all the steps necessary to activate them and tighten security at both the account and app levels. There's simply no price we can put on your data. As always, we remain available to guide you through these steps, and if necessary you can drop all questions in our support channel.