justLikeAPI - Password Security Policy Updates

As part of our ongoing efforts to enhance justLikeAPI’s security, we are updating our password security policy and introducing Two-Factor Authentication (2FA).

Read the article below to learn what changes we are introducing (and why), and what these changes mean for justLikeAPI users.

Updates are being made to justLikeAPI's password security policy.

Why are we introducing these changes?

The list of passwords that have been breached is constantly growing. We do not want our clients’ passwords to join this list.

Prioritizing the security of our whole system ultimately means building a foundation for a smooth review monitoring process.

While this may seem like a detour from the main purpose of justLikeAPI, it’s important to be aware of at least basic account & password security concepts so that you may continue using our services without worry.

There are numerous guidelines when it comes to creating strong passwords. Some of the more common ones are:

  • Don’t use common and easily guessable information (e.g. birth dates, names of family members, etc.);
  • Update your password regularly;
  • Use a combination of uppercase and lowercase letters, include numbers and symbols.

However, as attackers are becoming increasingly persistent when it comes to breaching your password, there’s now a need to craft even stronger passwords and find more secure ways of logging in.

What changes are we introducing?

Firstly, here’s an updated list of password requirements justLikeAPI users will have to fulfill:

  • passwords should be a minimum of 12 characters in length after multiple spaces are combined;
  • we permit any printable Unicode character in passwords, including language-neutral characters such as spaces and emoji;
  • all passwords are automatically checked against a list of Pwned passwords that have already been compromised on the web – if your password is on the list, you will be prompted to enter a different password.
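
The three checks in the list above can be sketched as follows. This is an added example, not justLikeAPI's own code; the sample breached set, the reading of "printable" and the hash-prefix lookup are assumptions made for illustration.

```python
import hashlib
import re
import unicodedata

MIN_LENGTH = 12  # minimum from the policy list above

# Constructed stand-in for a breached-password corpus, keyed by SHA-1 hex digest.
# SHA-1 is only a lookup key here; it is not a password-storage hash.
_SAMPLE_BREACHED = ("password1234", "correct horse battery staple", "qwertyuiop12")
BREACHED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
                 for p in _SAMPLE_BREACHED}


def normalize(password):
    """Collapse each run of consecutive spaces into a single space."""
    return re.sub(r" {2,}", " ", password)


def is_printable(password):
    """Assumed reading of 'printable': no control, surrogate or unassigned code points."""
    return all(unicodedata.category(ch) not in ("Cc", "Cs", "Cn") for ch in password)


def suffixes_for_prefix(prefix):
    """Hypothetical range lookup: only the first 5 hex digits leave the caller."""
    return {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}


def is_breached(password):
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[5:] in suffixes_for_prefix(digest[:5])


def check_password(password):
    """Return the list of policy violations; an empty list means accepted."""
    if not is_printable(password):
        return ["non-printable character"]
    problems = []
    candidate = normalize(password)  # length and breach checks use the collapsed form
    if len(candidate) < MIN_LENGTH:  # counts Unicode code points, not bytes
        problems.append("shorter than 12 characters after combining spaces")
    if is_breached(candidate):
        problems.append("found in breached-password list")
    return problems
```

Padding a short password with extra spaces does not help it pass, because the length is measured after the spaces are combined.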

Besides all of this, we will introduce a 2FA method of logging in.

What is 2FA?

Two-Factor Authentication is a method of authentication where you will be required to provide two separate identification forms in order to access your account and the data associated with it.

It is a subtype of Multi-Factor Authentication where, as the name suggests, users are required to provide two or more forms of identification.

In the vast majority of cases 2FA consists of the following identification forms:

  • Your password

Entering your password is usually the first step in 2FA. After it has been successfully provided, some of the following methods can be utilized in the second step:

  • Verification via code sent to a chosen phone number;
  • Utilization of various 2FA applications;
  • Utilization of biometric data;
  • Using connected or disconnected security tokens.

In the case of justLikeAPI we will use the combination of password and an authentication application.

There are numerous such applications; here’s a list of some of them:

Please note that this is not an exhaustive list and that you may use any authentication application you are comfortable with or that your organization requires.

Conclusion

It is crucial not to take security matters lightly. 

While it may be cumbersome at first, improving your account security always pays off. 

It’s an excellent way of mitigating security risks and enabling yourself to focus on what’s really important to you.

If you have any questions about this policy update, make sure to contact us at systems@justlikeapi.io 
