You may have heard about the recent security breach that affected many Buffer users. This is something we would have hoped to never face in our lives. And yet, through the experience of the hack, we’ve had a unique opportunity to learn about security and safety on a level that we would have likely never explored before.
On top of that, we were incredibly amazed by how supportive our customers (you!) were through the whole process of recovery.
With all that trust given to us, despite the big mess, we wanted to really step up our game in terms of safety and security.
For the past few weeks, we have been focusing on making Buffer the safest, most secure way for you to manage and publish to your social media accounts. We have a number of awesome things to show you. The most important step in this process is a feature we’re announcing today: 2-Step Login.
This is an optional setting available for all Buffer accounts from today. It lets you require an additional security code to log in to your account, making it more secure.
Let’s dig into how this all works:
Why have we been thinking so much about security at Buffer?
We’ve been thinking hard about what the most secure and safest way to handle your social media accounts could look like for any user coming to Buffer. We spent a lot of time brainstorming, talking to experts and learning a lot about security. We wanted to find the best approach to make Buffer the most secure way for you to manage your social media accounts.
As a result of all of this, here is what we’ve come up with for our users to make them safe in every regard:
- Resetting all of our breached credentials after the hack
- Encrypting email addresses stored in our database
- Encrypting access tokens that let us post to users’ social media accounts
- Having all team members change passwords and set up two-factor authentication (where possible) on our accounts for Google, GitHub, Stripe and Dropbox
On top of this, today we’re adding 2-Step Login for all Buffer accounts to add an extra layer of security to your Buffer account.
What is 2-step login?
By adding a second step to the login process, we can ensure that anyone logging in to your account is actually you! Malicious attackers will need not only your password but also access to your mobile device in order to log in to your Buffer account.
Get all your business accounts managed safely in one place
If you’re on a Buffer for Business plan, or if you’re using Buffer to manage social media on behalf of your clients, we hope this will be especially useful for you.
Having multiple team members set up can increase security risks, so we’ve enabled 2-Step Login for all accounts, including those of your team members. This will keep your professional accounts safe and secure, even when more than one person has access to them.
For example, Buffer’s own social accounts are managed by a number of team members. Instead of sharing all passwords with everyone, we just invite each person as a team member. On top of that, we have everyone set up the new 2-Step Login. That way, we can be sure to have great security whilst still not compromising on ease of use.
So you can try setting it up for your business Buffer account and add a double security layer for both of your accounts.
Setting up 2-Step Login
First, log in to your Buffer account like normal. Then go to “My Account” and choose “Access & Password”:
On the Access & Password page, click on “Enable 2-Step Login”:
There are currently two ways to generate 2-step codes on your phone: via text message or with the Google Authenticator app (iOS and Android). You’ll see a screen that gives you both options to choose from:
If you choose to have a code sent via SMS, you’ll need to input your phone number. If you’re using Google Authenticator, you’ll see a QR code like this:
Open up the Google Authenticator app, tap to add a new account and scan the code. The app will then generate a six-digit verification code for your Buffer account. If you use your phone number, you’ll simply get a text message with the six-digit code.
Just type in the six-digit code and hit submit to finish up:
Now each time you log in to your Buffer account, you’ll be asked to input another six-digit code, either generated by Google Authenticator or sent to you via text message. This will keep your account secure by making sure it’s definitely you every time you log in.
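What the Google Authenticator option computes, shown as an added example that is not Buffer’s code: the QR code carries a shared secret in an otpauth:// URI, and the phone and the server each derive the six-digit code from that secret and the current time (TOTP, RFC 6238). The sample URI, its account labels, the 30-second step, the one-step drift window and all function names are assumptions for illustration; the secret is the RFC 6238 test key, and the SMS option is not covered.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

# Constructed enrollment URI of the kind an authenticator QR code encodes.
# Secret = RFC 6238 test key "12345678901234567890" in base32; labels are placeholders.
SAMPLE_URI = ("otpauth://totp/ExampleService:user@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleService")
STEP = 30  # seconds per code (assumed; the authenticator default)

def secret_from_uri(uri):
    """Extract the shared secret that the QR code hands to the phone."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    b32 = parse_qs(parsed.query)["secret"][0].upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

def totp(secret, at, digits=6):
    """Six-digit code for Unix time `at` (HMAC-SHA1 with dynamic truncation)."""
    counter = int(at) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, submitted, at=None, window=1, last_used=None):
    """Server-side check. Returns the matched time-step counter or None.

    Tolerates +/- `window` steps of clock drift and rejects any step at or
    before `last_used`, so a code seen once cannot be replayed.
    """
    current = int(time.time() if at is None else at) // STEP
    for step in range(current - window, current + window + 1):
        if last_used is not None and step <= last_used:
            continue
        expected = totp(secret, step * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None

if __name__ == "__main__":
    key = secret_from_uri(SAMPLE_URI)
    code = totp(key, 59)
    print(code, verify(key, code, at=59), verify(key, code, at=59, last_used=1))
```

A caller stores the returned step as last_used for the account after each successful login, which is what makes a captured code useless a second time.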
We’re really excited to have had an opportunity to focus so much on security improvements over the last few weeks to make Buffer even better for you.
Give 2-Step Login a try. We hope this will be another step towards providing the most safe and secure social media publishing platform for you and your company. If you have any questions at all, leave us a comment below—we’d love to hear your thoughts on this.