Two-Factor Authentication (2FA) is one of the long-overdue features on which we have been working for the past few weeks. As we promised it to the many clients who requested it, we are glad to announce this feature is now live in production. But before we focus on how to activate it for your account, let’s first explain why this is important for your security and how it works, for those of our clients that are not yet familiar with this security feature.
Why do you need Two-Factor Authentication?
Passwords can be surprisingly easy to compromise. They can often be guessed or leaked, and clients usually don’t change them very often, and despite advised otherwise, many of us have favorite passwords that we use for more than one thing. Two-factor authentication adds an additional layer of security by introducing a second step to your FastComet Client area login. A second factor is something (usually a PIN number) that is required in addition to your standard password. Typically, this PIN is generated by something you physically have (such as your phone or tablet), and it is valid for a limited short period. Since both your password and PIN are required to log in, in the event an attacker obtains your password two-factor authentication would stop them from accessing your account.
How does it work?
We added support for one of the most common and straightforward method of two-factor authentication – time based one-time PIN tokens. With these, in addition to your regular username & password, you also have to enter a 6-digit code (PIN token) that changes every 30 seconds. Only your token device (typically your mobile smartphone) will know how to generate such PIN tokens. This way, without it, even if your password is compromised your account will be safe and secure.
This extra layer of security for your client area gives you additional piece of mind without creating any inconvenience or the need to remember additional passwords or perform further e-mail verifications to access your Client area. Additionally, this method is well-designed to avoid lock-out situations, in case you lose your token device, by providing a backup master token.
How to activate your FastComet Two-Factor Authentication?
We’re really excited to roll this out. It’s disabled by default, but you can turn it on by logging into your FastComet account and accessing Two Factor Authentication under Personal Info Section. We prepared a step by step tutorial on how to activate your Two-Factor Authentication for your master client area account, so you can set this security feature in just a few minutes completely free of charge. Additionally, in case you have added additional sub-accounts to your profile, you can follow our guide on how to make this feature available to your additional client area members and contacts so they can secure their logins as well.
Upcoming security overhaul
The two-factor authentication is only the first of many security features and changes we are about to introduce in the upcoming month as a part of our security overhaul plan. Feel free to check our blog and newsletters for all upcoming changes as we will incrementally release new features and post regular updates.