Just last month we read that the popular media aggregator Buffer was hacked. They responded quickly and were very open with their customers and the public at large. Here we are a month later. What has changed?
Well, a lot it seems.
Today Buffer has rolled out two-factor authentication for all of their customers. Great news!
...here is what we’ve come up with for our users to make them safe in every regard:
- Resetting all of our breached credentials after the hack
- Encrypting email addresses stored in our database
- Encrypting access tokens that let us post to users’ social media accounts
- Having all team members change passwords and set up two-factor authentication (where possible) on our accounts for Google, Github, Stripe, HipChat and Dropbox
On top of this, today we’re adding 2-Step Login for all Buffer accounts to add an extra layer of security to your Buffer account.
As a regular user of Buffer I am very pleased to see the work they're doing to secure their platform.
So to set up two-factor you will need to log in to your account and, under "My Account" at the top right of the page, select "Access & Password".
Then click on "Enable 2-Step Login".
You will be prompted for your password before you can complete the process.
It is unfortunate that it took a breach incident for them to roll out this feature, but I am pleased with the direction that they're heading.
Which begs the question, why does it take a breach or other significant incident to improve security? Is security that much of an afterthought for companies that it takes a calamity to get the job done? Or are we as practitioners really doing that badly at getting the security message to be heard by the wider audience?