Added security for your account

By popular request from our community, we’re happy to announce two new security features now available on all accounts: two-factor authentication and application-specific passwords.

Two-factor authentication on

two-factor-authTwo-factor authentication is designed to keep your account safe in the event your password is compromised. Our two-factor authentication implementation augments your password — i.e. something you know — by requiring you to enter an ever-changing numerical code displayed on your phone or tablet — i.e. something you have.

Enabling two-factor authentication is a simple process that involves a few steps. You’ll need to install a one-time password app (like Google Authenticator, available for iOS, Android, and Blackberry) on your phone and scan a QR code from your computer. Your one-time password app will generate a six-digit code, which you will enter into your settings when prompted.Screen Shot 2013-03-12 at 1.49.08 PM

After completing these steps, every time you log in to your account, you will enter your authenticated code from your phone or tablet.

During the process, you will be given a set of back-up codes in case you lose your phone or tablet. It is important to print those codes out and keep them in a safe place.

You can enable two-factor authentication on the Security section of your account settings.

Application-Specific Passwords on

The second feature — application-specific passwords — is just as important and helps keep your account’s main password safe. When a native app requests that you log in, instead of using your account’s main password, you can generate a special one-time use password. This can be used by itself or in conjunction with two-factor authentication.

This password cannot be used to authenticate other applications, nor can it be used to gain additional permissions beyond the permissions initially granted.

You can enable application-specific passwords on the Security section of your account settings.

Both of these features help to protect your account, content, and access to third-party apps built on the API.