Security is one of our top priorities at Fastly. We recognize that having your account compromised could have a profoundly negative impact on your business, leaving you and your customers vulnerable and at risk. So, with enthusiastic feedback from our customers, we've been testing out ways to improve account security features. Today, we're pleased to release two-factor authentication and IP account access restrictions.
We strongly encourage our users to opt in and enable these security features. Check out a step-by-step guide for using two-factor authentication and IP restrictions, as well as some more background information on the features, below.
2FA (also known as two-step authentication and two-step verification) is an optional security measure. It means that in addition to needing a username and password, you'll also need a time-sensitive security code generated by an application on your mobile device.
This is similar to Google's and GitHub's 2FA approach, and it means that even if your username and password combination is compromised, a malicious party would still need possession of your mobile device to gain access to your account.
Here's how to enable 2FA on your Fastly account:
If you enable 2FA via the user interface on Fastly, you will no longer be able to use a simple username and password combination when using the Fastly API, and must use the API key for authentication instead. Not all functionality is available through API keys, so you might want to check our API documentation beforehand.
IP restriction is defined as a "whitelist" or register of IPs that are allowed to access your Fastly control panel. It adds an additional layer of security to ensure that only trusted networks are allowed to connect to Fastly.
IP access restriction allows your account's administrators to restrict which IP ranges can access Fastly. For example, if you restrict access to only the net block in your office network, then an attacker would have to be physically connected to your office network to log into your account.
These optional IP restrictions are not enabled by default. Here's how to enable IP access restriction on your Fastly account:
When it comes to security, our team is vigilant. We highly recommend that you enable both 2FA and IP access restrictions today.
At Fastly, we’ll continue to make sure your account is secure. Please contact our team at firstname.lastname@example.org if you have any questions.