Security is always something that can be improved and enhanced.
We demonstrated our commitment to your security from from day 1, by launching with security features unique to this market.
We have further hardened security of your iControlWP accounts by implementing email-based Two-Factor Authentication.
What is Two-Factor Authentication?
You’ll have probably heard of two-factor authentication as it’s been growing in popularity in recent years. It’s now an option for your Gmail, for example.
So what is it exactly?iControlWP two-factor authentication ensures that every time you log into your account, a verification is made that you are who you say you are.
Imagine the scenario where someone has discovered the password to your iControlWP account.
They could login pretending to be you and, at worst, they could wreak havoc.
But, what if just at the point when someone logs into your account we send an email to your registered account email address asking you to confirm your intention to login?
Not only would that person need the password for your iControlWP account to login, but they’d need full access to your email account too.
And this is how two-factor authentication works – it adds an extra layer of user-verification to your account.
Of course, we don’t charge any extra for this feature as we don’t have pricing tiers… it just comes as standard on all accounts.
Two-Factor Authentication For Email Address Updating
Until now, if you wanted to change your email address in iControlWP you simply did it by entering your new email and saving.
We never liked that – it meant if your account password was ever compromised by anyone they could update your registered email address in a couple of clicks.
No more. Changing your registered email address has 2 extra levels of verification.
- When you enter your new email address, a confirmation link will be sent to your original email address to confirm your intent to change it.
- After you click the link, you’ll be sent another confirmation link but this time to your new email address to verify it’s working and valid.
All these extra confirmation steps, while they might appear to be a little laborious, add serious levels of protection to your iControlWP account.
We feel, in an age where security is a constant concern for all users and web-based apps, any extra security measures are welcome.
iControlWP Login Notices and Password-Protected Account Preferences
Long-time users will be aware of the login-notice emails that all users receive when they log into their iControlWP accounts.
This notification email makes you aware when any unexpected login has occurred.
This email has changed in 2 ways with the latest release:
- If you have enabled 2-factor email-based authentication, this email is never sent.
- Users have the option to turn this email notification off in the preferences.
One other change we have implemented is that all personal and account preferences require the user account password or iControlWP PIN to be supplied every time you attempt to save changes.
Some people may not feel this is entirely necessary, but we feel this is critical to maintaining the integrity of user accounts.