Buffer launches two-factor authentication after breach


Summary: Uses Google Authenticator and SMS to enable the optional security measure.

TOPICS: Security

After working through a third-party breach of its databases last month, social media management company Buffer is rolling out two-factor authentication to its customers.

The company has been working on the optional feature for the past few weeks, with the feature aimed at making it more difficult for attackers to gain access even in the event that credentials are stolen.


Putting its money where its mouth is, Buffer employees are also required to set up third-party two-factor authentication on the services they use, including Google, GitHub, Stripe, HipChat, and Dropbox.

As multiple users can have access to a Buffer account as a team member, Buffer's implementation of two-factor authentication is also able to extend to these accounts.

Buffer provides two ways for users to generate tokens, the first being via a one-time SMS sent to the user's phone, and the second through Google Authenticator. The use of Google Authenticator indicates that Buffer is using the more standardised time-based, one-time password algorithm, which theoretically should allow users to pick their own token generator if they know the "secret" used to seed tokens (which is typically provided as a QR code). Many other organisations are using the algorithm, such as Linode, Amazon Web Services, and Evernote, making it easy to manage tokens within a central application; however, others, such as Twitter, have decided to use two-factor systems that need to be managed separately.

Where Google Authenticator is used, Buffer asks users for a backup phone number and also provides a single-use code in case their phone is lost.


Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.



1 comment
  • Two-factor authentication

    This is becoming the norm. As more and more people are becoming weary about their privacy, it is becoming increasingly more important that users' data is secure.

    For our hosted services, we offer a two-factor authentication to ensure that only the user has access to their files. Security is becoming a major factor when choosing any internet service nowadays.
    James Stevenson