Two-Factor SMS Authentication
May 6, 2011 - by Marketing Team
Protecting your customers’ personally identifiable information (PII) is absolutely vital. We want to give you the tools to keep your data safe. Effective today, we’ve introduced two-factor SMS Authentication, which we will be rolling out to sensitive parts of our system. The next time you log in, you’ll be prompted to set up an SMS number that you can use to receive occasional verification confirmations when performing certain sensitive actions, starting with list downloads.

By default, when downloading from a list, you will receive an “Email Hash” rather than email addresses. This is a one-way MD5 hash suitable for doing comparisons and uniquely identifying users, but it is not possible to reverse-engineer the email address easily from that hash.
Sailthru users must be specifically granted permission to download unencrypted email addresses. Super Admins can grant this permission to users via the User Settings page, but please think long and hard before granting this permission. Although people too often pass around lists of email addresses casually, this is private, personal, valuable data, and it is often not necessary to download raw emails. If your goal is to compare users in the Sailthru database against users in your own database, we’d recommend you build your tools to compare the MD5 hash. When you download a list, if you have PII permissions, you will see an option to choose whether the email addresses are encrypted or not.

By the way, we’re taking these security measures on our own side as well. We’ve always encrypted the copies of the datasets that we give out to our developers, and our entire support team will now have the same limited access to download email addresses that we’re suggesting that you give out. We’re going to continue to review and improve our suggested security practices. We want to set a standard for the industry in keeping user data safe. Please let us know if you have any questions!
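One way to build the hash comparison recommended above, as an added example that is not Sailthru's code. It assumes the “Email Hash” is the hex MD5 of the trimmed, lower-cased address and that the download is a CSV with an `Email Hash` column; both are assumptions, and the sample export is constructed.

```python
import csv
import hashlib
import io
import re

HEX_MD5 = re.compile(r"[0-9a-f]{32}")

def email_hash(email: str) -> str:
    # Assumption: hash = MD5 over the trimmed, lower-cased address (UTF-8), hex encoded.
    # Without identical normalization on both sides, "A@x.com" and "a@x.com" never match.
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()

def load_export_hashes(csv_text: str, column: str = "Email Hash"):
    """Return (valid hashes, rejected values) from a hashed list download."""
    valid, rejected = set(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        value = (row.get(column) or "").strip().lower()
        if HEX_MD5.fullmatch(value):
            valid.add(value)
        else:
            rejected.append(value)  # truncated or corrupted row: surface it, do not match on it
    return valid, rejected

def match_local_users(local_emails, export_hashes):
    """Split local addresses into those present in the export and those absent."""
    matched, unmatched = [], []
    for email in local_emails:
        bucket = matched if email_hash(email) in export_hashes else unmatched
        bucket.append(email)
    return matched, unmatched

def build_sample_export() -> str:
    # Constructed sample standing in for a hashed download; no raw addresses in the file.
    rows = ["Email Hash,Source"]
    rows += [f"{email_hash(e)},web" for e in ("alice@example.com", "bob@example.com")]
    rows.append("not-a-hash,web")
    return "\n".join(rows) + "\n"

if __name__ == "__main__":
    hashes, bad = load_export_hashes(build_sample_export())
    local = ["  Alice@Example.com ", "carol@example.com"]  # constructed local records
    matched, unmatched = match_local_users(local, hashes)
    print("matched:", matched)
    print("unmatched:", unmatched)
    print("rejected rows:", bad)
```

The comparison works because the hash is unsalted and deterministic, so anyone who already holds candidate addresses can run the same match; store and share the hashed export with the same care as other customer data.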