Slack is tardy to the two-factor authentication party
Following a four-day-long security breach back in February, chat and collaboration tool Slack is finally getting two-factor authentication. Last month, the encrypted central user database was accessed by hackers, although there is no indication that hashed passwords were decrypted.
Slack insists that no payment information was seen by hackers, and while the breach is far from good news, there is a silver lining: it has forced the company to look harder at security. Starting today, two-factor authentication is available, locking down accounts via the Android, iOS and Windows Phone apps.
Despite the chronology, Slack insists that introducing two-factor authentication is not a response to the "security incident". The company says that the feature "has been in development for the last few months" and is now being released earlier despite the fact that it needs "a few small UI tweaks" and has a few "remaining bits of clunky-ness".
An email sent out to Slack users explains:
We are writing to inform you that we were recently able to confirm that there was unauthorized access to a Slack database containing user profile information. We have since blocked this unauthorized access and made additional changes to our technical infrastructure to prevent future incidents. We have made all relevant details available on our blog. No specific action is required of you.
Although the email suggests that no action is required, Slack is trying to encourage users to enable the new security feature.
The new security options do not end there. Slack is also rolling out a Password Kill Switch feature for team owners. This lets an administrator kick all users out of a chat session in the event of a security breach, and force all team members to change their passwords.