Resources Resources

Introducing 2 Step Login for Buffer: The safest social media publishing on the web

4 min read Buffer News
Belle Beth Cooper
Belle Beth Cooper Team Buffer

You may have heard about the recent security breach that affected many Buffer users. This is something we would have hoped to never face in our lives. And yet, through the experience of the hack, we’ve had a unique opportunity to learn about security and safety on a level that we would have likely never explored before.

On top of that, we were  incredibly amazed by how supportive our customers (you!) were through the whole process of recovery.

With all that trust given to us, despite the big mess, we wanted to really step up our game in terms of safety and security.

For the past few weeks, we have been focusing on making Buffer the safest, most secure way for you to manage and publish to your social media accounts. We have a number of awesome things to show you. The most important step in this process is a feature we’re announcing today: 2-Step Login.

This is an optional setting available for all Buffer accounts from today, which lets you require an additional security code to login to your account, making it more secure.

Let’s dig in to how this all works:

Why have we been thinking so much about security at Buffer?

We’ve been thinking hard about what the most secure and safest way to handle your social media accounts could look like for any user coming to Buffer. We spent a lot of time brainstorming, talking to experts and learning a lot about security. We wanted to find the best approach to make Buffer the most secure way for you to manage your social media accounts.

As a result of all of this, here is what we’ve come up with for our users to make them safe in every regard:

  • Resetting all of our breached credentials after the hack
  • Encrypting email addresses stored in our database
  • Encrypting access tokens that let us post to users’ social media accounts
  • Having all team members change passwords and set up two-factor authentication (where possible) on our accounts for Google, Github, Stripe and Dropbox

On top of this, today we’re adding 2-Step Login for all Buffer accounts to add an extra layer of security to your Buffer account.

What is 2-step login?

By adding a second step to the login process, we can ensure that anyone logging into your account is actually you! Malicious attackers will not only need your password, but also access to your mobile device, in order to log in to your Buffer account.

Get all your business accounts managed safely in one place

If you’re on a Buffer for Business plan, or if you’re using Buffer to manage social media on behalf of your clients, we hope this will be especially useful for you.

When you have multiple team members set up, this can increase security risks so we’ve enabled 2-Step Login for all accounts, including your team members. This will keep your professional accounts safe and secure, even when more than one person has access to them.

For example, in the case of how we at Buffer’s own social accounts, we have a number of team members. Instead of sharing all passwords with everyone, we just invite them as a team member. On top of that we have everyone setup the new 2-Step Login. That way, we can be sure to have great security whilst still not compromising on ease of use:

Screen Shot 2013-11-25 at 10.57.53 PM

So you can try setting it up for your business Buffer account and add a double security layer for both of your accounts.

Setting up 2-Step Login

First, log in to your Buffer account like normal. Then go to “My Account” and choose “Access & Password“:


On the Access & Password page, click on “Enable 2-Step Login”:


There are currently two ways to generate 2-step codes on your phone: via text message or with the Google Authenticator app (iOS and Android). You’ll see a screen that gives you both options to choose from:

google or text

If you choose to have a code sent via SMS, you’ll need to input your phone number. If you’re using Google Authenticator, you’ll see a QR code like this:

scan code

Open up the Google Authenticator app, tap to add a new account and scan the code. The app will then generate a six-digit verification code for your Buffer account. If you use your phone number, you’ll simply get a text message with the six-digit code.

Just type in the six-digit code and hit submit to finish up:

enter code

Now each time you log in to your Buffer account, you’ll be asked to input another six-digit code from Google Authenticator or sent to you via text message. This will keep your account secure by making sure it’s definitely you every time you log in.

We’re really excited to have had an opportunity to focus so much on security improvements over the last few weeks to make Buffer even better for you.

Give 2-Step Login a try. We hope this will be another step towards providing the most safe and secure social media publishing platform for you and your company. If you have any questions at all, leave us a comment below—we’d love to hear your thoughts on this.

get started

Brought to you by

Try Buffer for free

140,000+ small businesses like yours use Buffer to build their brand on social media every month

Get started now

Join 140,000+ small businesses like yours that use Buffer to build their brand on social media every month

Sign up for free
  • No credit card required
  • Cancel anytime