More Advanced Security Features for Your Fastly Account
Security is one of our top priorities at Fastly. We recognize that having your account compromised could have a profoundly negative impact on your business, leaving you and your customers vulnerable and at risk. So, with enthusiastic feedback from our customers, we've been testing out ways to improve account security features. Today, we're pleased to release two-factor authentication and IP account access restrictions.
We strongly encourage our users to opt-in and enable these security features. Check out a step-by-step guide for using two-factor authentication and IP restrictions, as well as some more background information on the features, below.
What is Two-Factor Authentication?
2FA (also known as two-step authentication and two-step verification) is an optional security measure. It means that in addition to needing a username and password, you'll also need a time-sensitive security code generated by an application on your mobile device.
This is similar to Google and GitHub's 2FA approach, and it means that even if your username and password combination is compromised, a malicious party would still need to have your mobile device in possession to gain access to your account.
Here's how to enable 2FA on your Fastly account:
Get an authenticator app, such as Google's Authenticator, as well as a mobile device that can scan a QR code.
Follow these step-by-step instructions.
Download the recovery codes and store them in a secure place (in case you lose your mobile device).
Once enabled, your session will be valid for 14 days (a new authentication code will be requested every 14 days for each computer and browser you’ve used to access the Fastly application).
2FA and the Fastly API
If you enable 2FA via the user interface on Fastly, you will no longer be able to use a simple username and password combination when using the Fastly API, and must use the API key for authentication. Not all functionality is available through API keys, so you might want to check our API documentation beforehand.
Read More About 2FA
What Are IP Restrictions?
IP restriction is defined as a "whitelist" or register of IPs that are allowed to access your Fastly control panel. It adds an additional layer of security to ensure that only trusted networks are allowed to connect to Fastly.
IP access restriction allows your account's administrators to restrict which IP ranges can access Fastly. For example, if you restrict access to only the net block in your office network, then an attacker would have to be physically connected to your office network to log into your account.
These optional IP restrictions are not enabled by default. Here's how to enable IP access restriction on your Fastly account:
You'll need a list of the IP space that you trust (check out examples)
Follow these step-by-step instructions.
Make sure to include your trusted network. You can lock yourself out if you don't add the correct information.
Read More About IP Access Restriction
When it comes to security, our team is vigilant. We highly recommend that you enable both 2FA and IP access restrictions today.
At Fastly, we’ll continue to make sure your account is secure. Please contact our team at support@fastly.com if you have any questions.