Loom website update 17.7.1: 'Two-factor authentication' edition
We've just rolled out two-factor authentication in our latest website update. We're adding this extra layer of security in order to better protect your account.
Starting today, when you make major account changes like resetting your password or changing your primary email address, we'll send an SMS message to your cell phone with a one-time authentication code in order to confirm that the change request is really coming from you.
What is two-factor authentication?
Two-factor authentication is more secure than the traditional email address/password combination because it confirms your identity in two different ways. Typically, the second factor is an authentication code sent to a device that, in theory, only you should have access to. It's been used by big players like Google and Apple for years in order to add an additional layer of security to their users' accounts.
Why are we using it?
Prior to today, when signing up for Loom, you would have created a secret question and answer at registration. You'd then have been prompted to answer the secret question any time you sent a password reset request. We're phasing out the secret question method because of recommendations by security researchers suggesting that this method is flawed because, as security researchers from Google have noted, answers to secret questions "are either somewhat secure or easy to remember—but rarely both."
Two-factor authentication is both more convenient and secure than the secret question and answer verification method. Of course, no security measure is completely foolproof, but two-factor authentication does make it much more difficult for someone who isn't you to gain entry into your account.
What it means for you
If you're a current Loom user, you'll be prompted to confirm or enter your cell phone number the next time you log in to the system. If you're registering for the first time, you'll be asked to provide your cell number at registration. A code will be sent to your phone that you'll need to enter correctly before you can access the Loom Report Centre.
If you forget your password, instead of being prompted to answer a secret question, you'll now be able to reset it by requesting an authentication code be sent by SMS to your mobile phone.
If you need to change key account details, like your primary email address, you'll also have a code sent to your phone to verify your identity.
This is just phase one. In a future website update later this summer, we'll also be introducing a setting where you can make two-factor authentication mandatory every time you log in, or just make it mandatory when you log into your account on a new device for the first time.
For two-factor authentication to work correctly, it's important that you enter a valid cell phone number and keep your number up to date. Every so often, we'll remind you to confirm your cell phone number when you log into the system.
That's it for news this update, but we'll be sure to keep you updated here on the blog and on Twitter as new features roll out in the coming months.
Found a bug in the system? Have an idea for a cool feature that would make Loom better for you? Drop us a line at firstname.lastname@example.org