Mar 27, 2013

AlterEgo Now Works With Google Authenticator and YubiKey

On Monday we announced that MailChimp users would get a 10% discount off their bill for enabling AlterEgo 2-factor authentication (it’s our way of incentivizing security).

Note: If you’re not sure what 2-factor authentication is, or how AlterEgo works with MailChimp, start here, then come back to this blog post. Ready?

Today I’m excited to announce that you can now use Google Authenticator and YubiKey with MailChimp, by connecting them to AlterEgo. Basically, if you want to take advantage of our 10% discount, but you prefer those other security services, our attitude is, "great, just connect them to AlterEgo, and use them instead." AlterEgo serves as a "pass through" for Google Authenticator and YubiKey. For Duo Security fans, rest assured: that’s also in the works.

To connect the other security services, just sign in to your AlterEgo account (or create an account) and go to the "Integrations" link:

On that screen, you’ll get step-by-step instructions for connecting to the other security services.

There are other improvements we made to AlterEgo that are worth pointing out…

One of the complaints we heard when we first launched AlterEgo was that it required a smartphone. That was in 2011, and you’d think that wouldn’t be as much of an issue now, but just to make sure we make security as accessible as possible, we added SMS-based challenge/response to AlterEgo. So when you’re prompted to generate a code for AlterEgo, you can click the "SMS" option instead:

AlterEgo will send you an SMS, and you can reply back with a Y or N:

Reply back with a "Y" and you’ll see the AlterEgo screen log you in and take you to the MailChimp Dashboard. To enable SMS-based challenge/response, log in to AlterEgo, go to "Your Account" and enter your mobile number in the "SMS Notifications" field. We don’t charge for sending SMS, but your mobile carrier might charge you. Yep, that sucks, but it’s cheaper than an account breach, so we highly recommend it (plus you’d be getting 10% off your MailChimp account).


Requiring 2-factor for sub-accounts

Once you’ve set up AlterEgo for your MailChimp account, you can also specify whether or not 2-factor should be required for other users who share access to your account.

Go to the "Users and account details" screen:



and then specify which account types should be forced to use AlterEgo:


For example, you should seriously consider making it required for Admins and Managers, who have access to more things (like Lists, API keys, etc.).

SMS Security Notifications

In addition to AlterEgo, you can configure MailChimp to send you SMS notifications whenever something important is triggered inside your account. For example, we can text you if someone logs in to your account, or when they generate an API key, or when they download your list.

To configure these security notifications, go to My Profile:


then scroll down to the "Notifications" settings:



While I have your attention, a little while ago we required all new users to set up three security questions. This annoyed the bejeezus out of all of you, and you all told us so on Twitter. Yeah, sorry about that. We got less aggressive with those, but we also recently added the option to skip them altogether, and instead use SMS to prove who you are:


This makes things way more convenient whenever you try to change some contact information, or your password, or some other detail that we require verification for. A simple SMS code is way better than remembering your answers to three security questions you set up ages ago.

More integrations with AlterEgo are in the works. Stay tuned!