We’re proud to announce our newest security feature: You can now connect your Small Improvements account to your mobile phone, and then when you log in with a new browser for the first time, you’ll be asked to produce the SMS token (or app-generated token) to prove that you actually have the phone. You only do this once per browser of course.
This little step increases security a lot: Imagine a hacker were able to obtain your password elsewhere (e.g. from a hacked online-service you used). Without 2-step verification, they can log into all of your accounts easily. But they can not log in to SI (nor other 2-step protected services) because they will have to enter the SMS token as well – but they don’t have your phone, so they can’t receive/generate the token.
Now, you don’t have to force all your SI end users to enable 2-step verification. But it would be a good idea to enable it for all your admin staff, and maybe for the CEO and CFO, because those users have access to a lot of confidential data and would make great targets for hackers.
You’ll find more about this feature in our documentation page.