When you've got a hot new online platform, you inevitably become a target for hackers. That's the lesson Slack, a popular business collaboration tool, learnt when it discovered an intrusion in its systems last February.
As a result, the company is now rolling out two-factor authentication, which adds another layer of security by making users enter verification codes whenever they sign onto its apps.
Slack smart messenger claims the hackers got into its central database, which contains usernames, email address, and encrypted passwords. At this point, though, it doesn't look like they were able to decrypt passwords. On top of making logins more secure, Slack is now giving leaders of its groups the ability to reset all of their passwords, or log their entire team out of Slack.
"Since the compromised system was first discovered, we have been working 24 hours a day to methodically examine, rebuild and test each component of our system to ensure it is safe," Anne Toth, Slack's VP of compliance and strategy, said in a blog post. "We are collaborating with outside experts to cross-check assumptions and ensure that we are meticulous in our approach. In addition we have notified law enforcement of this illegal intrusion."
Two-factor authentication is ready. When the corresponding function is enabled, the system will ask him to use not only the password, but also a confirmation code, when entering profile. Users will have to download and install Google Authenticator, Duo Mobile or Microsoft Authenticator.
Slack competes with other workplace chat apps like Hipchat and Yammer, but it's exploded in popularity over the past year thanks to its fast and robust chat platform. (Okay, and a bit of tech industry hype, too.) But for a company that's already faced a bit of security scrutiny, you'd think it would have sorted out two-factor authentication much sooner.