Two Factor Authentication: now available and required on Citus Cloud

Written by Will Leinweber
September 20, 2016

At Citus we want to build a database you can trust. Part of that is continuing to advance Citus in both usability and performance. Another part is ensuring your data is safely stored and secure; we do this through measures such as minutely backups via our continuous protection, which replicates the Postgres write-ahead log to S3. And one part is ensuring you can trust that access to your data is protected.

We’ve done a number of things on the security front to date, and you can read more about our security stance on our site. Today, we’re taking one more step towards ensuring your data is safe and secure. As of today, we’re not only introducing Two-Factor Authentication (2FA) for all Citus Cloud accounts, but also requiring 2FA to access all production databases.

2FA has been a best practice and has been steadily gaining adoption. Offering it is admittedly rather unremarkable at this point. But requiring it is something we’ve seen few products do. Many products have a special admin section where enforcement can be toggled for a given org. This toggle may make sense for less sensitive products, but for anything that holds your data, security isn’t optional.

While we want to protect your data, we also understand that requiring 2FA creates some friction. Early on you just want to try things without having to go through the process of setting up 2FA, perhaps on a product you haven’t yet decided you’ll put into production. To make on-boarding easier, enforcement only begins 30 days after your org is created. After that, any members without 2FA are no longer able to see details of their Citus Cloud formations. As soon as 2FA is enabled on their account, the full experience is restored. We hope you find this strikes a balance between making it easy to try Citus and still enforcing good practices for protecting your data.

Currently we support major 2FA token apps such as Google Authenticator and Authy; in the future we’ll be enabling more factors as well.
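To make the enforcement rule from the previous paragraph concrete, here is an added illustration (not Citus Cloud's own code) of two pieces a service needs for this: a gate that restricts formation details for members without 2FA once the org is past its 30-day grace period, and a verifier for the time-based one-time codes (RFC 6238 TOTP) that apps like Google Authenticator and Authy produce. The function names, the `GRACE_PERIOD` constant, the "full"/"restricted" return values and the sample dates are all constructed for this example; the TOTP secret used in the test is the RFC 4226/6238 reference seed.

```python
import base64
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

# The post states enforcement starts 30 days after the org is created;
# the constant name is ours, not a Citus Cloud setting.
GRACE_PERIOD = timedelta(days=30)


def formation_access(org_created_at, member_has_2fa, now=None):
    """Decide how much of an org's formations a member may see.

    Returns "full" when the member has 2FA enabled or the org is still inside
    its grace period, otherwise "restricted" (formation details hidden until
    the member enables 2FA). Enabling 2FA later flips the result back to
    "full" on the next check, with no further state to reset.
    """
    now = now or datetime.now(timezone.utc)
    if member_has_2fa:
        return "full"
    if now < org_created_at + GRACE_PERIOD:
        return "full"
    return "restricted"


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time // step."""
    return hotp(secret_b32, int(at) // step, digits)


def verify_totp(secret_b32, submitted, at, step=30, window=1):
    """Check a submitted code against the current time step and +/- `window`
    neighbouring steps, which tolerates small clock drift between the phone
    and the server. All candidate steps are compared with a constant-time
    comparison and the loop never exits early, so a rejected code costs the
    same regardless of which step (if any) came close."""
    if not (submitted.isdigit() and len(submitted) == 6):
        return False
    base_counter = int(at) // step
    ok = False
    for offset in range(-window, window + 1):
        expected = hotp(secret_b32, base_counter + offset)
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    # Constructed sample: an org created on the day of this post, checked
    # five days later and again 35 days later.
    created = datetime(2016, 9, 20, tzinfo=timezone.utc)
    print(formation_access(created, False, created + timedelta(days=5)))
    print(formation_access(created, False, created + timedelta(days=35)))
    print(formation_access(created, True, created + timedelta(days=35)))
```

The gate is deliberately stateless: it derives the answer from the org's creation time and the member's current 2FA status, so turning 2FA on immediately restores access without anyone having to clear a flag. The verifier's window of one step either side is the usual compromise between drift tolerance and the number of codes that are valid at any moment.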

We've done a lot on the security front so far, but security is a process, not a product, and there is always a long way to go. We look to continue improving here to keep you safe. If you have questions or feedback for us, please drop us a line.

Will Leinweber


Former principal cloud engineer at Citus Data & Microsoft. Loves challenging database problems. Core Heroku Postgres team. Speaker at PGConf.EU, RailsConf, PostgresConf US, Keep Ruby Weird, & several PgDays. Music lover.