CATEGORIES
home News

Chat-Room Startup Slack Implements 2-Factor Authentication Following February Hack

by Paul LillySunday, March 29, 2015, 10:54 AM EDT

Slack, the fast-growing startup previously known as Tiny Speck, has rolled out an optional two-factor authentication feature in response to a recent hacker attack. The company confirmed there was unauthorized access to its database containing user profile information, and though it was quick to respond and made changes to its security infrastructure to prevent future incidents, Slack "strongly" encourages its users to take advantage of two-factor authentication.

Before talking about that, let's look at what happened. According to Slack, the database that was hacked contained usernames, email addresses, and one-way encrypted (hashed) passwords. It also contained information that users may have optionally entered, like their phone number and Skype ID. All of that information was accessible to the hackers.

Slack

The hacking incident occurred over a four-day period in February. On the plus side, no financial or payment information was taken, and there's nothing to indicate that the culprit was able to decrypt stored passwords.

"We are very aware that our service is essential to many teams. Earning your trust through the operation of a secure service will always be our highest priority. We deeply regret this incident and apologize to you, and to everyone who relies on Slack, for the inconvenience," Slack said in a statement.

Though things could have been worse, Slack is pushing for its users to implement two-factor authentication. This requires downloading and installing an authentication app on your phone or tablet, such as Google Authenticator or Duo Mobile (most Time-Based, One-Time Password applications should work). Further instructions can be found here, but short and sweet, this would require logging in with your password and then verifying your identity with a code that's sent to your mobile device.


Slack also rolled out a "Password Kill Switch" feature for team owners. This allows for both instantaneous and team-wide resetting of passwords and forced termination of all user sessions for all team members.

Whether or not these security measures will help restore Slack's credibility remains to be seen. If nothing else, it's a sign of the times, as a growing number of sites and services implement two-factor authentication logins.
Tags:  security, Passwords, Startup, slack, two-factor authentication
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment