Two-factor authentication (2FA) is now available in ftrack Studio 4.3 and ftrack Review. Below, our CTO Magnus Eklöv, takes a closer look at this new feature, how to use it, and why we’ve introduced it.
We’re on the cusp of a new decade, and the creative technology we use as we teeter on the edge of 2020 is a great deal different than that of 2010.
When this decade started, global workflows were possible, yet they were unproven and untested. Fast-forward to today and a distributed approach is not only the norm but a necessity. A global infrastructure props up much of the work we do: tools are advanced enough to send massive, complex files from one end of the globe to another with a click; creative companies can find the best third-party talent and work with them across oceans; studios can optimize output via a chase-the-sun, 24/7 production cycle.
However, these benefits came with a proportionate escalation in threat to security. And this is something we think of a great deal at ftrack.
Our tools are built to expedite today’s remote, distributed workflows, but they’re also built to keep all creative content secure and free from prying eyes. The security of all content is of fundamental importance to us. That’s why we continue to have our services evaluated, to pass assessments by content protection initiatives like the Trusted Partner Network, and to add new security features into ftrack Studio and Review – incuding features like two-factor authentication.
Two-factor authentication (2FA) in ftrack
Implementing 2FA login to both ftrack Studio and ftrack Review is another step forward in our ongoing security strategy. We want our users to feel even more confident that the great work they produce remains behind locked doors, and 2FA is a sure way of making that happen.
With 2FA – introduced in our ftrack Studio 4.3 release – users can add a second verification layer on top of user passwords as part of the identification/login process. Working this way, the user logging in must access another physical device (mobile, desktop, or other) to confirm that they are 100% the right person attempting to login to the ftrack account.
Prioritizing security at ftrack
Considering the way that we share and distribute work, using a password alone to prove identity is not enough. The creative process takes place over open networks and uses services in the cloud, and there are too many people with bad intentions looking to steal data for profit.
Passwords can be effective against this threat…if you use them effectively. If you’d like to know more about secure passwords, be sure to read this blog by Charlotte Empey. It offers plenty of great advice on creating passwords that can’t be brute-forced.
However, I find it’s easier to act more safely when using a workflow that uses secure authentication by default. Remember 1996’s Mission Impossible? There’s that fantastic CIA heist scene in which Ethan Hunt dangles upside down, making his way past a vault’s exceptionally advanced security systems and towards its central computer. I believe Hunt would have faced an even harder challenge had he then found himself face to face with the 2FA workflow we have implemented in ftrack.
Keeping your data secure from intruders (although probably not those hanging from a ceiling) is what 2FA is all about.
How to use 2FA
We have based ftrack Studio and ftrack Review’s 2FA workflow on best practice. To use the 2FA feature in ftrack, you must first activate the feature in ftrack’s account settings. Next, ensure you have a mobile phone or another device with an authentication app installed and prepared.
(There are many authentication apps to choose between; select one that your head of IT recommends or the one that best fits your needs. A few commonly used apps are Authy, Google Authenticator, Microsoft Authenticator, and Duo Mobile. They all work a little differently. I prefer to use Authy. It works well on almost any device, and since I use all kinds of tech, I can use it on all my devices: iOS, Android, Mac, and Windows computer.)
To login in using 2FA:
- Open your ftrack login screen
- Add your credentials, login name, and password
- We will verify these credentials against the ftrack database or LDAP source. If the credentials are valid, a new screen will display, asking for a code (a “one-time password” or “OTP”)
- Use your device and authentication app to generate the OTP
- Enter the OTP generated from your app…and you’re in!
2FA adds a small step to your login process, but the security reinforcement this process introduces is considerable.
We’re working in a more open, distributed industry than ever. Security should not be an afterthought; it should be your priority. You can never emphasize the importance of security enough to your team, so please consider adding it when you’re up and running with ftrack 4.3!
Read our documentation around 2FA in ftrack
ftrack recently acquired Cospective, creator of cineSync: the industry’s most secure synchronized media review and approval tool. Learn more about cineSync and its security features.