Oct 12, 2011

AlterEgo iPhone and Android Apps: Free 2-factor Authentication for MailChimp Users

AlterEgo 2-factor app in action

We launched AlterEgo, our free 2-factor authentication service, back in May (here’s the back story, if you missed it). When we first launched, it was only available as a web app, which is nice and universally accessible, but not quite as snappy as a native app on your smartphone. And when it comes to logging in to an app, snappy’s really important. So the guys in our mobile lab built AlterEgo apps for iPhone and Android. Now, it’s super easy and super fast to add an extra layer of security on top of your MailChimp account. If you haven’t tried AlterEgo, you should activate it for your MailChimp account (it’s free), and then download the app to your smartphone:



What’s this all about?

If you’re not sure what all this 2-factor stuff is for, or if it’s right for you, here’s some basic information. 2-factor authentication is just one extra layer of security you can add to your login process. Lots of financial institutions offer it with their online banking services, for example. The idea is that even if someone stole your password, they still can’t get into your account unless they also have a key fob (or some other physical device) that generates a random passcode. The password is "what you know" and the key fob is "what you have." It’s easy to steal what you know, and it’s easy to steal what you have, but not quite as easy to steal both. Here’s the Wikipedia article on 2-factor authentication.

It’s fascinating stuff. It’s also expensive. Usually. RSA’s SecurID is perhaps the most well-known 2-factor product, but there’s also Verisign’s product, YubiKey, Google’s 2-factor for Gmail, Facebook’s take on 2-factor, DuoSecurity’s very impressive suite, and even video game company Blizzard has had to offer 2-factor authentication for their World of Warcraft game.

We created our own 2-factor service for MailChimp because we have special needs. First, we wanted it to be completely free. Second, with over 1 million users, we wanted something hassle-free and easy to use. Our 2-factor solution is biased a little more towards user-friendliness than absolutely impenetrable, Fort Knox-like security (but for good measure, you can also activate these other free security options within MailChimp). Lastly, we wanted it to have an API so that other web app developers could offer 2-factor authentication for free to their users too.


Why you should care

Hackers really, really, really, really,  really,  really,  really,  really,  really,  really,  really,  really,  really,  really,  really,  really, want your email list. They’d also love to steal your MailChimp credentials and use your MailChimp account (and its awesome deliverability) to send their spam. Doesn’t matter if you have an extremely large list, or an extremely small list — you should care. And, ftr, here are some of the different ways we care at MailChimp.


How to use AlterEgo with MailChimp 


1. First, you’ll need to create a free AlterEgo account over at Alteregoapp.com.


2. Download the free AlterEgo iPhone or Android app.  


3. Authorize the AlterEgo integration inside MailChimp. Sign in, then go to Account -> Integrations, and then look for:



4. It’ll ask you to sign in to your AlterEgo account, and then it’ll ask you to "Allow MailChimp:"



5. That’s it. Next time you sign in to MailChimp, you’ll enter your username and password like always, but then you’ll see this extra screen (mind the sword):


That’s your cue to unsheathe that mighty smartphone, open up AlterEgo, and generate your passcode:

Click that blood-red button, and you’ll instantly experience that familiar, oh-so-satisfying sound of metal being scraped against metal. Next, that undeniable "schwing!" sound that man has learned to fear will echo from the walls of your cubicle. Do not be surprised if you see lightning strike outside your window. And do not be surprised if your co-workers suddenly bow down before you in defeat. Take their staplers, their pens, their ergonomic mouse pads — whatever spoils those feeble, non-AlterEgo-users offer you. That warm feeling pumping through your veins right now? Yeah. That’s power. Henceforth, you will feel that every time you sign in to MailChimp.

No lamb for the lazy wolf, fellow viking.



If you’re not interested in 2-factor authentication, we have other security options you should activate, like Security SMS alerts and geolocation detection. You may also want to check out our free guide: Email Security. Can’t get enough paranoia? Check out Unfurlr, an app we built to reveal what’s hiding behind suspicious shortened links.