Introducing Two-Factor Authentication

November 6th, 2013 by Nathan Potter

Two-factor authentication is rapidly becoming an industry standard for protecting your identity on a website. You might already have it set up for your email or Twitter account. We all know passwords are fraught with pitfalls, and two-factor authentication is one of the best options for improving them (though nothing is perfect). Protecting our clients’ data is always the top priority for us, so it’s only natural that we bring two-factor authentication to your dashboard.

Two-factor authentication is currently available in both Chartbeat and Chartbeat Publishing, so you can activate it now.

Wait, what’s two-factor authentication?

In the simplest terms, it is what it says it is: two separate ways for you to identify yourself to a website. The first is your password; the second is a 6-digit code that changes every 30 seconds. That 6-digit code is something you get from a mobile device or, in some cases, a dedicated two-factor authentication device.

How it works

To set yourself up with two-factor, you can set up your mobile phone to receive authentication texts, or download the mobile app for iOS or Android and set it up on your Chartbeat account. Full instructions for setup are here.

The first time you log into your Chartbeat account after setting up two-factor authentication you will be asked to enter a verification code after you enter your password.  


Once you type in the 6-digit code from your app, you’re done. If you need to retrieve the code via mobile text message, you can have that text sent to you from this screen as well.

You can also decide to have your code saved on your computer for 30 days. If you’re confident your computer is secure, this is a good option. Obviously, you don’t want to do this on a shared computer.

Every time you enable or disable two-factor on your account you’ll get an email. If you get an email without having changed anything, change your password immediately and inform your IT department.

If you lose your mobile device and get locked out of your account, contact the Chartcorps and they’ll get you back in.

How two-factor helps protect you

With two-factor enabled, your data is safe even if someone gets your password. For instance, if your email is hacked, the attacker cannot simply go to the Chartbeat dashboard and have us send them a new password. Nor will guessing your password do any good.

However, always be sure to check that the domain name you’re visiting when viewing your dashboard is “chartbeat.com” and that there are no security warnings in your browser, especially if someone emails you a link. If an attacker were to create a site that looked like chartbeat.com in a phishing attack, they could fool you into entering your password AND your verification code.

Be careful out there

Two-factor authentication is easy to use, but enabling it might feel like a hassle at first. However, exchanging just a few seconds out of a busy day is worth your peace of mind.

PS: Sharing Chartbeat Publishing seats with colleagues? That can make two-factor a bit more of a hassle – make sure you loop your team in before setting anything up.
  • Mark Stanislav

    Congratulations on adding two-factor support! It appears you guys may have utilized Time-based One-Time Passwords (TOTP). If that’s the case, your users will also be able to use Duo Mobile (iOS/Android/Blackberry 10) to perform two-factor authentication. Cheers!

  • Cooper Pie

    Thanks for the post, and I don’t really know that much about two-factor authentication or the whole process that it goes through. But if anyone has any suggestions or recommendations that they could offer then that would be great.