You appear to be offline. Some site functionality may not work.

More Advanced Security Features for Your Fastly Account

Jul 30, 2014 in Security

Security is one of our top priorities at Fastly. We recognize that having your account compromised could have a profoundly negative impact on your business, leaving you and your customers vulnerable and at risk. So, with enthusiastic feedback from our customers, we've been testing out ways to improve account security features. Today, we're pleased to release two-factor authentication and IP account access restrictions.

We strongly encourage our users to opt-in and enable these security features. Check out a step-by-step guide for using two-factor authentication and IP restrictions, as well as some more background information on the features, below.

What is Two-Factor Authentication?

2FA (also known as two-step authentication and two-step verification) is an optional security measure. It means that in addition to needing a username and password, you'll also need a time-sensitive security code generated by an application on your mobile device.

This is similar to Google and GitHub's 2FA approach, and it means that even if your username and password combination is compromised, a malicious party would still need to have your mobile device in possession to gain access to your account.

Here's how to enable 2FA on your Fastly account:

  1. Get an authenticator app, such as Google's Authenticator, as well as a mobile device that can scan a QR code.
  2. Follow these step-by-step instructions.
  3. Download the recovery codes and store them in a secure place (in case you lose your mobile device).
  4. Once enabled, your session will be valid for 14 days (a new authentication code will be requested every 14 days for each computer and browser you’ve used to access the Fastly application).

2fa congrats

2FA and the Fastly API

If you enable 2FA via the user interface on Fastly, you will no longer be able to use a simple username and password combination when using the Fastly API, and must use the API key for authentication. Not all functionality is available through API keys, so you might want to check our API documentation beforehand.

Read More About 2FA

What Are IP Restrictions?

IP restriction is defined as a "whitelist" or register of IPs that are allowed to access your Fastly control panel. It adds an additional layer of security to ensure that only trusted networks are allowed to connect to Fastly.

IP access restriction allows your account's administrators to restrict which IP ranges can access Fastly. For example, if you restrict access to only the net block in your office network, then an attacker would have to be physically connected to your office network to log into your account.

These optional IP restrictions are not enabled by default. Here's how to enable IP access restriction on your Fastly account:

  1. You'll need a list of the IP space that you trust (check out examples)
  2. Follow these step-by-step instructions.
  3. Make sure to include your trusted network. You can lock yourself out if you don't add the correct information.

IP whitelist

Read More About IP Access Restriction

When it comes to security, our team is vigilant. We highly recommend that you enable both 2FA and IP access restrictions today.

At Fastly, we’ll continue to make sure your account is secure. Please contact our team at support@fastly.com if you have any questions.

Security

You may also like:

Subscribe to our newsletter

Subscribe to our newsletter

Caching the Uncacheable: CSRF Security

In this post, I investigate several strategies for maintaining security while improving cacheability. I use Ruby on Rails for the examples, but the techniques apply to nearly any web application framework.

Disabling SSLv3 Due to POODLE Vulnerability

Based on our understanding of the POODLE vulnerability (mainly the fact that there is currently no workaround), and the fact that we have very little traffic running over SSLv3 (around .5% globally), we are disabling...

Fastly Update on 'Heartbleed'

Here’s the latest update on the ongoing resolution to critical OpenSSL vulnerability CVE-2014-0160, aka ‘Heartbleed,’ which was announced on April 7th and affects nearly every Internet service provider and website using SSL to secure customer…

Author

Simon Wistow | Co-founder, VP Product Strategy

Simon is co-founder at Fastly, where he helps lead product strategy. Before helping found Fastly Simon was Senior Search Engineer at Yahoo! Europe, LiveJournal, SixApart, Scribd and then at social help desk company Zendesk. In a past life he worked on R&D for a leading VFX Company doing films like the Harry Potter series, Troy, Kingdom of Heaven, Sunshine, and Wallace and Gromit. At one point he worked as a cowboy in Australia. Mostly because it seemed like a good idea at the time.

deflatermouse