UPDATED 10:51 EDT / OCTOBER 12 2012

NEWS

Etsy Scales User Security With New Web Security Features

In step with the latest security standards, Etsy has introduced a set of three security features for its website: two-factor authentication, full site SSL support, and viewable login history data. For now, Etsy is offering these features to its members on an opt-in basis, as a commitment to account safety and in response to rising security concerns across the web.

With two-factor authentication, users signing into Etsy from a new browser, and every 30 days in the same browser, will be asked to enter a second code after the password. This second code will be generated and sent to their phone via SMS or voice call at the time of sign-in. Etsy used A/B testing to test and roll out this feature.

With Login History, you can go to the Security Settings page to view the ten most recent logins to your Etsy account by location, making it easy to access the last visited or viewed pages.

Of all these, the most important is the full site SSL that Etsy has implemented on its site.

Interestingly, the Etsy Security Team has described its complete experience of implementing the SSL feature, which was not very smooth. Initially it looked like a simple change, and the team started by setting up a test in which they attempted to make the site fully SSL by disabling the load balancer rules that forced some pages down to HTTP. This resulted in a thrilling explosion in the error logs! So they started again by making the entire codebase HTTPS-friendly. They then moved the logic for enforcing whether a URL could be HTTP, HTTPS, or both from the load balancer to the application itself. The entire process involved close Dev-Ops collaboration.

Etsy introduced the site SSL feature on an opt-in basis because its prime motive was to provide it to those members who use riskier shared network mediums such as public WiFi. After analyzing metrics around CDN performance, page performance times of SSL vs non-SSL, and overall load balancer SSL capacity, they'll soon be moving towards defaulting to full site SSL for all members and visitors.
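As an added illustration (not Etsy's code), the sketch below shows what application-level scheme enforcement with a per-member full site SSL opt-in can look like. The route table, host name and function names are hypothetical assumptions; the point is that an opted-in member is never redirected down to HTTP, whatever the per-URL rule says.

```python
from enum import Enum
from urllib.parse import urlsplit


class Scheme(Enum):
    HTTP_ONLY = "http"    # legacy pages that used to be forced down to HTTP
    HTTPS_ONLY = "https"  # sensitive pages, always encrypted
    BOTH = "both"         # served on whichever scheme the request arrived on


# Hypothetical route policy (constructed sample); the longest matching prefix wins.
ROUTE_POLICY = [
    ("/signin", Scheme.HTTPS_ONLY),
    ("/your/account", Scheme.HTTPS_ONLY),
    ("/listing", Scheme.HTTP_ONLY),
    ("/", Scheme.BOTH),
]


def policy_for(path):
    """Return the scheme rule for a path, matching on whole path segments."""
    matches = [
        (prefix, rule) for prefix, rule in ROUTE_POLICY
        if path == prefix or path.startswith(prefix.rstrip("/") + "/")
    ]
    return max(matches, key=lambda m: len(m[0]))[1]


def enforce(url, full_site_ssl_opt_in):
    """Return the URL to redirect to, or None if the request may proceed."""
    parts = urlsplit(url)
    rule = policy_for(parts.path or "/")
    if full_site_ssl_opt_in or rule is Scheme.HTTPS_ONLY:
        required = "https"  # opt-in overrides every per-URL downgrade rule
    elif rule is Scheme.HTTP_ONLY:
        required = "http"
    else:
        return None         # BOTH: accept the scheme as it arrived
    if parts.scheme == required:
        return None
    # Change only the scheme; host, path and query are kept as received.
    return parts._replace(scheme=required).geturl()


if __name__ == "__main__":
    for url, opted_in in [("http://shop.example/signin", False),
                          ("https://shop.example/listing/42?ref=a", False),
                          ("https://shop.example/listing/42?ref=a", True)]:
        print(url, opted_in, "->", enforce(url, opted_in))
```

Keeping the decision in one function makes the eventual switch to full site SSL for everyone a one-line policy change rather than a load balancer reconfiguration.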

