Buffer Fights Back Against Hackers
After a recent security breach, popular social media scheduling service Buffer has taken steps to make sure similar situations can be avoided in the future.
Among these steps is 2-Step Login, which is a new, optional setting available for all Buffer accounts. If turned on, the feature requires users to enter an additional security code to login to their accounts, which minimizes the chances of accounts getting hacked.
“We’ve been thinking hard about what the most secure and safest way to handle your social media accounts could look like for any user coming to Buffer,” a company blog post states. “We spent a lot of time brainstorming, talking to experts and learning a lot about security. We wanted to find the best approach to make Buffer the most secure way for you to manage your social media accounts.”
As a result of the hack and in addition to 2-Step Login, Buffer has reset all of its breached credentials, is encrypting email addresses stored in its database as well as encrypting access tokens that allows the company to post to users’ social media accounts. Plus, the company is having its team members change their passwords and set up two-factor authentication (where possible) on their accounts for Google, GitHub, Stripe, HipChat and Dropbox.
It is important to note that Buffer has also enabled 2-Step Login for accounts with multiple team members. For example, instead of sharing passwords with everyone on a team, businesses can invite users to an account as a team member. Members can then set up their own two-step verification for access to the platform. In order to setup the 2-Step Login, users will need to sign into their account, go to “My Account” and select “Access & Password”. After that, users simply need to click “Enable 2-Step Login”. From there, users can generate 2-step codes either through their phone via text message or through the Google Authenticator App.