For as long as we've used the web, the humble password has been the gatekeeper of our private data online.
But a password is a fragile layer of protection. For example:
- Keylogger viruses could read your password as you type it in.
- If you reuse the same password for multiple services, a vulnerability in any service could put all of your accounts at risk.
- Phishing emails trick you into visiting web pages that look identical to the services you use, but steal your password when you try to log in.
- If someone gets access to your email account, they can use "Forgot password" pages to reset your passwords on other online services.
That's why it's becoming more and more important that online services allow users to have additional layers of security for their accounts.
So we're happy to announce several new features to help keep your Telerivet account protected — even if your password is stolen.
With two-factor authentication, a random 6-digit code is required to log in to your Telerivet account, in addition to your password. The 6-digit code changes every 30 seconds.
This means that even if your password or email account is compromised, the other person only has a 1-in-a-million chance of guessing the right code to log in to your Telerivet account. Telerivet also sends you an email if someone enters an incorrect authentication code, and prevents too many incorrect guesses.
You can receive authentication codes via a phone call, SMS, or a smartphone app. We recommend using the smartphone app, because it will always work even if your phone doesn't have an internet connection or cell service, or if our servers can't send you an SMS or a phone call. Telerivet uses a standard two-factor authentication method called TOTP, which works on any smartphone, including Android, iPhone, Blackberry, and Windows Phone.
We also recommend enabling SMS and phone calls as a backup to reduce the risk of getting locked out of your account. If you can't receive your authentication code, you'll need to contact firstname.lastname@example.org in order to prove your identity and regain access to your account.
Login IP whitelist
The login IP whitelist allows you to control which IP addresses (network locations) are allowed to log in to your Telerivet account. It provides an additional layer of security in case your password is compromised.
If your account is accessed from an unknown IP address, Telerivet will automatically send you an email, and you can choose whether or not to add the IP address to the whitelist. This way you'll be notified of suspicious activity, and you don't have to worry about being locked out of your account if you need to access your Telerivet account from a new IP address.
View and manage your login sessions
If you've used Telerivet on a shared computer and forgot to log out, the Login Sessions page is for you.
You can see all of the computers where you're currently logged in, and log out any sessions other than your current one:
View logs of recent account activity
In the activity log, you can view the activity on your Telerivet account in the past 90 days.
If you manage an organization or project with multiple users, you can also view activity for your entire project and organization.
We've already been recording many events in the activity log before launching the Account Security page, but we just started tracking many more events — so some actions will only show up starting today.
Note that when viewing activity for other users as an organization/project administrator, you'll only be able to see actions that the other user performed within your organization or project. For example, you could see when a user edits a contact or sends a message, but you won't be able to see when another user logs in or changes their personal settings or security settings. (This is because all user accounts in Telerivet exist “outside” of organizations, and each user account can be associated with multiple organizations.)
Login via email account
(Gmail, Google Apps, and Yahoo users only)
If you use an email address from Gmail, Google Apps, or Yahoo, there's no need to remember a separate password for your Telerivet account. When you enable the “Login via email account” setting, you can simply click the Google or Yahoo logo on the login page, and log in with your email account.
Even if you log in via your email account, you can still use two-factor authentication and the login IP whitelist to keep your Telerivet account protected if your email account gets compromised.
Try it out!
To configure your security settings, head over to your Account Security page. In your Telerivet dashboard, you can access this page by clicking your email address in the left hand menu, then “Account Security”.
Keep in mind that the two-factor authentication, the login IP whitelist, and login via email account are all disabled by default — so you'll have to enable these features manually if you want them.
And as always, let us know what you think!