Aug 19, 2013

AlterEgo Integrations for Easy Authentication

It feels like almost every day you see someone’s email or social network account getting hacked and sending spammy messages. Many of these services are now offering two-factor authentication to lower that risk. As you might know, we created AlterEgo to offer that service for MailChimp accounts, and developers can also use it to create a multi-factor authentication options for their own products.

With AlterEgo enabled, each time you log in to MailChimp, you’ll be prompted to enter a temporary code. You can get this code from the AlterEgo mobile app, or, as I’ll explain in a moment, through a variety of other options.

Here’s how to quickly set up AlterEgo for your own MailChimp account (as an added bonus, when you set it up with your MailChimp account, we’ll give you a 10% discount on MailChimp purchases).

Too many two-factors?

If you’ve already got two-factor authentication set up for other apps you use, you might not want to set up another one. That’s why we have a number of integrations with AlterEgo.

Duo Security, YubiCo, Google Authenticator, and Toopher are all a part of this AlterEgo update. These can be found under the Integrations tab in your AlterEgo account, but we’ll walk through some details below.

YubiCo

YubiKey offers the convenience of not having to pull out your phone, type in your passcode, and then open up your text or two-factor authentication app. So when you’re logging in to your MailChimp account and are presented with a field to enter your verification code, just click in the field and press your finger on the device.

yubikey

Before you can integrate with YubiCo, you need to purchase a YubiKey if you don’t already own one. Once you have your YubiKey, click Connect under the Yubico section of the Integrations page. It will ask you to click in the field and then press your finger on your YubiKey. Voila!

Google Authenticator

If you’re already a Google Authenticator user, this option makes it possible to keep MailChimp with your other logins that use Google Authenticator. No need to have a second app or wait for an SMS message with a code.

Connecting with Google Authenticator requires installing the Google Authenticator app on your smartphone.  After clicking Connect, you’ll be presented with a QR code. Open your Google Authenticator app, click the + sign and tap Scan barcode. Once it’s scanned, click I got it! back in AlterEgo, and you’re all set. Google Authenticator continuously provides an auto-refreshing six-digit code, instead of sending one via text or tapping a button to generate a code. Just open up the app, locate the code that’s associated with AlterEgo, and type it in when prompted.

Google

Duo Security

Duo Security users can also connect to AlterEgo. To do that, create an “AuthAPI” integration in your Duo Security account. Once that’s set up, you’ll enter your Integration Key, your Secret Key, your API Host Name, and your username (ask your Duo admin if you need help getting that information). Next, you’ll see a form to fill out with your phone information. Once filled, click Continue, and follow the steps on the next pages. With Duo, to log in to your account, just open the app and tap the key icon to be shown a six-digit code.

Duo

Toopher

Toopher is another app you can install on your smartphone. One of the nice things about Toopher is that you can have a challenge sent to you, then allow or deny the login with just one tap. In addition, you can allow it to automatically approve anytime you’re near your location, and you won’t have to take out the device to approve.

Click Connect, and you’ll go to a page that’ll ask for a username and pairing phrase. In the Toopher app, add a service, and wait for the pairing phrase to generate. Type the phrase in your AlterEgo account and click Pair, leaving the username field as it is. Follow the steps on your mobile device, and that’s that.

After AlterEgo is set up for your MailChimp account, you can use Toopher to log in by entering your username and password. Then, on the next page when it asks for a code, click Log in with SMS. This will allow you to allow or deny the login, as well as turn on the Automate when near here switch.

Toopher

One other note on Toopher: You’ll have to remove your phone number from your AlterEgo account. Currently, AlterEgo has a default order of ways to authenticate, so a phone number will be chosen over Toopher. However, manually organizing the order of integrations is in the works.

We have lots of measures in place to keep MailChimp accounts safe, but adding security to your own account is worth the extra step, especially in this day and age. While two-factor authentication doesn’t guarantee stopping someone from accessing an account, it will certainly slow them down. And hey, saving 10% on your MailChimp purchases is pretty swell, too. Nothing like saving money and feeling secure, right?

If you’d like to read more about keeping your accounts safe, check out our Email Security guide.