At Contentstack, we take security and privacy seriously.
So today, we are pleased to inform you that our security has been upgraded with the introduction of two-factor authentication for Contentstack. This opt-in feature enables secure access to your account and ensures safety of your data and resources that reside in your Contentstack account.
Two-Factor Authentication Defined
When you log in to your average social networking site or app, you typically enter your username/email and password to access your account. This may be the single step taken by the website/app to verify your identity and grant access to your account. This is known as one-factor authentication.
When you add another factor to this password-only authentication system, it is known as two-factor authentication (2FA). In such a setup, you are required to provide an additional piece of information to verify your identity. In general, 2FA uses two of the three possible methods of verifying an identity:
- Something you know (password, secret PIN, zip code, etc.)
- Something you have (phone number, smart card, etc.)
- Something you are (fingerprint, retina scan, facial recognition, etc.)
Benefits of Two-Step Authentication
Today, most services focused on improving the security of the users and their data have adopted 2FA as a standard method for authentication. This is mainly because 2FA ensures that even if one of the factors have been compromised or leaked, the other factor keeps hackers/criminals from breaking into your account, thereby minimizing the risk of data theft.
Here are the other benefits of using 2FA:
- Provides additional layer of security
- Minimizes risk of data and identity theft
- Reduces operational and security cost
The Two Factors Used by Contentstack
The two factors used by Contentstack for authentication are:
- Password (something you know)
- One-time security code via Authy mobile app or SMS (something you have)
How to Use Two-Factor Authentication (TFA) in Contentstack
If you are an existing Contentstack user, setting up 2FA for your Contentstack account is quick and easy. Here are the steps for enabling two-factor authentication for your account:
- Log in to your account.
- Click on profile name and go to the security page.
- Under ‘Two-Factor Authentication’, enter your phone number and click ‘Enable 2FA’.
- Select one of the methods to verify your phone number.
- Enter security code
This will enable 2FA for your account.
Now, the next time you try to log in to your account, you will be first asked to enter your login credentials (email and password). Then, it will prompt you to verify the security code that you get on the Authy app installed on your phone. If you do not have the app, you can request to receive the verification code via SMS. You will be granted access to your account only upon entering this security code.
Why Introduce Two-Factor Authentication Now?
Two-factor authentication is not a new concept and, as such, is a proven method to enhance security, which is more important than ever. With the recent feature enhancements and updates to Contentstack, users now have more power and control over the content stored in their account than ever before – something an intruder could exploit. 2FA minimizes this risk substantially.
Owing to the increasing risks due to the growing level of sophistication by online hackers and attackers, security measures around the world are constantly evolving. While 2FA does not completely eliminate all potential threats, it makes it a lot harder for attackers to hack your accounts.
As of now, two-factor authentication is an opt-in security feature that can be enabled/disabled for your Contentstack account as and when you wish. However, we highly recommend you to enable this as soon as possible to keep you account safe from potential threats.
To learn more about two-factor authentication, please read our documentation.