Product Updates: Enhancing Security with 2FA and Custom API Keys
Your favorite email SMTP server, Pepipost is now even more secure. We've released the newest version of our platform to make things easier and more secure for you.
Here's a quick summary of the security updates:
- Secure 2FA with Google Authenticator and Email OTP option
- IP bound custom API keys to secure your software backend
What is the update all about?
Our teams strive hard to find ways of enhancing the security of your data, without adding complexity to your existing workflows.
With our newest update, we make it easy for you to login while making it highly improbably for someone else to do so.
Apart from that, we understand how your applications interact with our SMTP APIs. It's highly important that your API keys remain invisible to anyone apart from the development teams.
How does 2FA work?
At present, if you share your username and password with anyone in your team, they have access to your account.
But when you do that, it's difficult to know who else knows your credentials.
With the new updates, you can set up Two-factor Authentication (2FA) with either email OTP or Google Authenticator as an option.
After you set this up, you will need to use a one time auth code provided either on email or the Google authenticator app.
Since the code is sent to your email or is available only on the application, anyone else with your login details cannot access your account.
Keep in mind that although 2FA provides a significant security boost to your accounts, experts still recommend using strong passwords and utilizing password managers when possible.
How do Custom APIs work?
Until now, you had access to an API key that you could share across your applications.
Now, you can create custom API keys that can be bound to specific applications by providing a name so you know where a request originated from.
When you create a custom API key, you can optionally bind the key to a set IP addresses. Any request origination from an IP apart from the ones entered will be blocked.
This is especially useful if you already have a set of IP address that your applications work on.
How to enable the updates for your account?
Let's talk about enabling these updates for your account. We'll go over the steps to enable Two Factor Authentication (2FA) first.
Steps to enable 2FA
Once you've logged in to your account, follow the steps below:
1. Begin by clicking on your username on the top right on the screen and then click on the "Profile" option.
2. Scroll down and turn the switch on where it says "Google Authenticator"
3. After enabling, you'll be guided to download the Google Authenticator app from the Play Store or Apple Store and then scan a QR Code using the app.
This serves to identify your app with your login credentials. After scanning the code, Google Authenticator generates a 6 digit temporary code that you need to enter.
From the next time you login, you will be asked to use the app and enter the 6 digit code there.
This is a quick summary of the most recent updates. We'll update this post with the steps to use Custom API keys once it is rolled out for all our users.