The BrightGauge Blog

2 Factor Authentication & GDPR Update

Written by Brian Dosal | May 18, 2018

Today we launched Two Factor Authentication (2FA) for all user types!  

Head to your My Details page (in the settings menu) and you’ll see a new sub-menu area with My Details, Password Reset, and Two Factor Authentication.

When you click on Two Factor Authentication, you’ll be presented with an input box to enter your cell phone number.

We’ll then send you a text to confirm.

Once that is set up, every time you log in afterwards, you’ll be prompted to enter the code sent to your cell phone.



If you lose your cell phone or change it, contact support and we can verify your identity and remove 2FA for you.

You can also disable 2FA anytime you’d like.

*Note: Be sure not to include any special characters or symbols in your authentication code.

Additional Updates

We have updated our legal docs and improved our security posture, making us now fully compliant with GDPR! As mentioned in our blog last month, we have taken the GDPR regulation as an opportunity to focus on security from top to bottom at BrightGauge since the beginning of 2018.

You can visit our new security page for more details, but below are the most recent and important changes:

  1. Updated our Terms of Service and Privacy Policy to provide more specific GDPR-related privacy provisions and terms, and added a Data Processing Addendum. These pages can also be found in the settings of your BrightGauge account.
  2. In an effort to be more transparent about how we handle your data, we added more information to our Security page.
  3. Updated internal security policies: Information Security, Risk Management, Incident Response / Breach Notification.
  4. Created a formal bug/vulnerability program for users to find and report vulnerabilities they see.
  5. Performed an external penetration test on our system, and scheduled these tests twice annually.
  6. Added disk encryption at rest for our databases.
  7. Updated and expanded our application monitoring tools to provide even greater visibility into data flow and potentially malicious activity.
  8. Assigned a dedicated Data Protection Officer who is responsible for security and privacy at BrightGauge.
  9. Added a more stringent password policy for all user types.
  10. Added the ability for personal data to be deleted or downloaded on request (a GDPR-specific requirement).
  11. Worked with all our third-party SaaS applications to ensure they are GDPR compliant as well.

For more info, check out https://www.brightgauge.com/legal/.