Handling dynamic integration in a team: 2FA and other security upgrades in your dashboard

two-factor-authentication.jpg

This refresh of the Pusher dashboard offers new security and collaboration features, making it easier for teams to handle dynamic integration.

Introduction

The Pusher dashboard provides industry-leading tools for dynamic integration. We make frequent updates to our dashboard features to make it simpler to use, richer in experience, faster to operate and fully secure.

The latest refresh of the Pusher dashboard offers some new features for security and collaboration. These changes make it easier to use your Pusher account and protect your applications, particularly when working as part of a team.

We have exciting plans on our roadmap to overhaul our account model to provide better experiences for organisational projects. This is the first step toward building on the collaborative experience for these customers.

Security

Your infrastructure is extremely important to your applications and customers. We want to ensure it is safe at all times.

With this priority in mind, we’ve made some additions to your dashboard security.

  • We’ve added the option to enable two-factor authentication (2FA) in the Pusher dashboard.

Why should I care about 2FA?

Passwords have become a less and less secure method of protecting data. Verizon’s 2019 Data Breach Investigations report showed that 80% of hacking-related breaches leveraged compromised or weak passwords. Even though your passwords are held in an encrypted format, this doesn’t take into account the risk at the user-end.

Enabling 2FA addresses security vulnerabilities presented by a standard password-only approach. It also adds an additional security layer to your account. This allows us to confirm that the request is really coming from you.

This feature is available to all non-OAuth users. We recommend enabling it as a best practice. To enable 2FA simply sign in and navigate to your settings. You’ll be asked to re-enter your password to authorize switching 2FA on or off.

  • API key changes are now password protected.

It is vital that your API keys are protected from accidental or malicious changes. We now prompt for password entry when you request a change to important credentials.

  • You’ll receive email notifications about any key changes.

For full transparency we will also notify the account owner when the credentials in their account are modified. With these alerts you can stay on top of changes and respond immediately if you need to.

  • Certain app changes will require password authorization.

From now you will also be asked to enter your password when making major changes to an instance or an app; for example when an app is transferred to a new owner or deleted.

Dashboard collaboration

Our collaboration model is the functionality which allows you to move and share apps with friends and colleagues, and to assign them to new owners.

When working on complex infrastructure, sometimes it isn’t easy to understand who owns a given app. This can cause confusion when a project is transitioning to a new owner, a new developer joins your team, or when it comes to arranging billing responsibilities.

The last thing we want is for you to be confused by the admin when our service is designed to make your life a whole lot easier!

You might notice some minor UX changes and new prompts which will help you keep track of app collaborators and their roles, and what any changes you make to your plan mean for the apps and instances you are working on – whether they belong to you or someone else.

We’re in the first stages of a project to upgrade the experience for productive collaboration when teams are working together on multiple apps and instances. To give feedback on ways we can make your Pusher dashboard experience smoother and simpler, get in touch with the team here.