How 2FA, and other security features work to protect your account

Valerio Barbera

Hi, I’m Valerio Barbera, software engineer, founder and CTO at Inspector.

A recent product update introduced new security features for the Inspector user account. 

I learned a lot more about the implications of security on the user experience and I realized that some details are not clear to many developers so they are too slow to implement security patterns in their applications.

I also wrote a guide on how to develop a filter to preventing users from using weak passwords in Laravel. Click on the link below to read more: https://inspector.dev/how-to-prevent-users-from-usi-insecure-passwords/

Let’s talk about 2FA, Password Confirmation and Logged-in devices control.

Password Confirmation

Every critical action should require a password confirmation. You should always prompt the user to type the current password to authorize actions that can compromise the account accessibility, like change email, change password, logout other browsers sessions.

For some time I have seen this feature spread and I believe it’s important to make it available to my customers.

This feature will improve security because also having physical access to the computer with the Inspector dashboard opened on the screen, a malicious user can’t change access credentials without knowing the current password. He can’t shut you out.

Control Logged-in devices

This feature allows users to check out the logged-in devices and easily log-out from other devices with a simple click.

Here is a screenshot of the new profile page.

Three actions at your fingertips:

  • Displays currently logged in devices;
  • Log out from all other devices except the currently logged-in device.
  • An option to disable multiple device logins altogether. This means that a user can only be logged in from one device at a time.

If you log in Inspector from your smartphone, you will see this new device in the logged-in devices list. This will allow you to identify unknown devices in the list, disconnect them with a simple click, and change your password to protect your account from unexpected authentications.

Two Factors Authentication

Are you using the same password for multiple websites including Inspector? Are you accessing Inspector from public or shared computers?

Such actions weaken your password and make it easier to steal.

That’s why we implemented two step verification. An optional security feature that helps protect your account even if your password is stolen or cracked.

This feature will improve security because signing in requires two things:

  • Something you know: Your Password
  • Something you have: Your Phone

If an attacker crack your credentials he cannot authenticate into your Inspector account because he doesn’t have your phone to provide us the security code.

Laravel application monitoring

If you found this post interesting and want to drastically change your developers’ life for the better, you can give Inspector a try.

Inspector is an easy to use Code Execution Monitoring tool that helps developers to identify bugs and bottlenecks in their application automatically. Before customers do.

screenshot inspector code monitoring timeline

It is completely code-driven. You won’t have to install anything at the server level or make complex configurations in your cloud infrastructure.

It works with a lightweight software library that you can install in your application like any other dependency. You can try the Laravel package, it’s free.

Create an account, or visit our website for more information: https://inspector.dev/laravel

Related Posts

aws sqs in a large scale laravel application inspector

AWS SQS in a large scale application

In today’s article, I’m going to show you how we use AWS SQS in our Laravel application, and how it helps us to manage 1.6 billion operations each month. In the image below you can see our typical bill for a month of AWS SQS usage: Before entering in the details of our system design

How to implement a reusable tooltip directive in Vuejs 3

Custom Tooltip Directive in Vuejs 3: Tutorial

Custom directives in Vuejs 3 are one of those things where there is no compatibility with the previous version of the framework.  Working on the new version of the Inspector frontend dashboard I had the need to show tooltips in many different points of the application. The goal was immediately to avoid duplicate code. Before

Why and how to create an Event Bus in Vuejs 3

Have you ever used an event bus in Vue 2 and don’t know how to recreate it in Vue 3? Since I’m working on the 2.0 version of my product’s UI (to be released in May) I’m publishing some technical tricks I learn migrating my application from Vuejs 2 to Vuejs 3. The current version