While we all know we shouldn’t do it, the truth is that many people reuse their passwords across multiple sites. As more and more big sites are compromised, encrypted (and even unencrypted!) username and password combinations sometimes fall into the hands of bad guys. The risk that your account can be compromised by someone with your username and password is growing all the time.
To address the risks associated with passwords, we’ve just launched a security-strengthening feature for your Accelo account. If your account is connected via the Google Apps Marketplace, you can now enable Single Sign-On Only access, requiring users to log in only through their Google Apps account.
This means that your Accelo account is protected through Google’s highly secure infrastructure - a successful login with Google becomes the only source of access to Accelo. If you enable this Single Sign-On Only authorization, users will no longer be asked for their username and password when logging into Accelo - instead, they’ll see a big blue button and once they’ve logged in via Google Apps they’ll be automatically logged into Accelo using a secure and established technology known as OpenID.
There are two reasons why this is a good idea. Firstly, as the largest internet company in the world, Google is uniquely placed to monitor global threats with the ability to see and respond to attacks from the bad guys (particularly ones where they try and break into a lot of accounts one after another). The other reason for relying on Google is that they support a service known as Two-Factor-Authentication which makes it much harder (or impossible) for the bad guys to break into an account even if they have the right username and password.
Here’s a step-by-step guide to setting up your SSO-only Accelo account. Important to note: this process can only be completed by admins of Accelo and the Google Apps Marketplace.
How do you know if your account is already connected to Google Apps Marketplace? One way to tell is if you’ve got a big Google Apps button on your login page, like so:
Step 1: Connect your Accelo Account to your Google Apps Domain
(skip to step 2 if you are already connected via the Google Apps Marketplace)
Head to the Accelo listing in the marketplace and click “Add it Now.” Then, allow Accelo to access your domain. Follow the steps in the wizard and you'll eventually end up on a page at signup.accelo.com. Invite your colleagues (who are in Google Apps but not your Accelo account), and you're done.
Remember, you can only do this if you are an admin of your company’s Google Apps domain.
Step 2: Enable Single Sign-On in Accelo
Head to your Accelo Integrations page and, inside the Google Apps section, turn on the Security restriction, which will ensure that ONLY Google Apps Single Sign-On (SSO) will be permitted.
Now, your users will have to sign in with their Google Apps accounts. Your company’s deployment sign-on page should look like this (as you can see, you can’t sign in with a username and password):
Step 3 (Optional): Activate 2-Step Verification for your Account
If you’d like to add more than just password protection via Google Apps, you can add your phone to the mix with 2-step verification. It’s simple: Whenever you sign into Google, you’ll enter your username and password as usual. Then, you’ll be asked for a code that will be sent to your phone via text, voice call or mobile app.
From then on, you won’t be asked for a code again on that particular computer. If you or anyone else tries to sign in from another computer, they’ll be asked for two-step verification. This adds an extra layer of security. Someone who tries to sign into your Accelo account will need to know your Google Apps password AND have your phone on hand in order to obtain access.
Set up 2-step verification from Google Apps here.
The good news is that this is just part of our ongoing security work here at Accelo, and we’re looking at introducing 2-Factor Authentication as an option for our other users. If you’re interested in discussing this with us (as there may be costs associated with this sort of service) please email [email protected].