Any account on Underscore Backup now has account hijacking protection enabled by default. What this entails is that certain high-risk operations now require that all active backups need to be turned off for a default of 3 days (Configurable between 0 and 7). This means that if your online account was compromised you would also need to turn off all your running backups before an attacker will be able to assume control of your account.
The operations that are as of now deemed critical to your account and require a certain amount of backup inactivity are.
- Deleting your account.
- Changing the email tied to the account.
- Loosening of the hijacking protection settings.
- Deleting a source (Only requires the specific source to be deleted to be paused).
You can also optionally limit the private key recovery feature in the same way however this feature is not enabled by default since it would increase the Restore Time Object in the case where the private key password is lost.
You can change the account inactivity settings by going to the Danger tab in your account settings as illustrated in the screenshot below.
0 comments:
Post a Comment