Two‑Factor SMS Authentication
May 6, 2011
Protecting your customers’ personally identifiable information (PII) is absolutely vital. We want to give you the tools to keep your data safe. Effective today, we’ve introduced two-factor SMS Authentication which we will be rolling out to sensitive parts of our system. The next time you login, you’ll be prompted to set up an SMS number that you can use to receive occasional verification confirmations when performing certain sensitive actions, starting with list downloads. By default, when downloading from a list, you will receive not email addresses but an “Email Hash”. This is a one-way md5 hash suitable for doing comparisons and uniquely identifying users, but it is not possible to reverse-engineer the email address easily from that hash.
Sailthru users must be specifically granted permission to download unencrypted email addresses. Super Admins can grant this permission to users via the User Settings page, but please think long and hard before granting this permission. Although too often people pass around lists of email addresses casually, this is private, personal, valuable data and it is often not necessary to download raw emails. If your goal is to compare users in the Sailthru database against users in your own database, we’d recommend you build your tools to compare the md5 hash. When you download a list, if you have PII permissions, you will see an option to choose whether the email addresses are encrypted or not. By the way, these security measures are measures we’re taking on our own side as well. We’ve always encrypted the copies of the datasets that we give out to our developers, and our entire support team will now have the same limited access to download email addresses that we’re suggesting that you give out. We’re going to continue to review and improve our suggested security practices. We want to set a standard for the industry in keeping user data safe. Please let us know if you have any questions!
Publishing in a Cookieless World: How First-Party Data Is Transforming Media Companies
Third-party cookies have made it easy for media companies to reach subscribers. But by 2022, Google will say goodbye to them forever. Find out why you need first-party data moving forward.
Personalization vs. Segmentation: The Real Difference and Why it Matters
Personalization is many things to many marketers. For some, it’s a business strategy that increases customer lifetime value and paves the way for profitable,...
How Personalization Can Enhance Email for Publishers
Email for publishers is having a moment in the sun. Throughout the coronavirus pandemic, subscriptions have been on the rise and it’s been paying...