At Spotlight Reporting, we continually invest in security best practices to ensure that your data stays safe. Today, we’re adding Two-Step Authentication to provide an additional layer of security when logging into your Spotlight Reporting account.
While usernames and passwords have long been the standard method of securing accounts online, it's easier than you think for someone to steal your password. Simple things, like having the same password for multiple accounts, or clicking on a link in an email, can put you at risk of having your password stolen.
Adding another level of security with Two-Step Authentication makes it harder for an attacker to access your account. Two-Step Authentication protects your account by supplementing your password with a unique code sent to your phone or email during the login process. Enabling this extra layer of protection means that your data will be more secure.
How it works
Setting up Two-Step Authentication in Spotlight Reporting is very straightforward. To set it up:
1. Log in to Spotlight Reporting, and click the “My account” navigation link in the upper right corner, then click “Two-Step Authentication”.
2. On the Two-Step Authentication screen, select the method you’d like to authenticate your account with:
SMS: Enter your phone number (make sure to include your country code, e.g. +64).
Email: The email address you logged in with will be used for authenticating.
3. Once you’ve selected and confirmed your method, you’ll get an email or SMS with a unique code. Enter this code and voila 🔐
4. Next time you login, you’ll be prompted to enter a new unique code that is sent to your email or phone. You’ll be able to select “Remember this device for 30 days” as an optional setting. If you select “Remember this device for 30 days” you won’t need to perform the second authentication step on that device for 30 days.
For this initial release, individual users have the option of enabling Two-Step Authentication when they login to Spotlight Reporting. Depending on the uptake of the feature, and the feedback we receive, we may look into making this a practice-level setting enforceable by the administrator. Please share your feedback.