Two-Factor Authentication & Security Auditing Now Available for all MongoHQ Accounts

Today, we’re rolling out two new security features to help all MongoHQ users to take control of their account security: two-factor authentication and a security auditing tool. We’ve put a lot of thought into developing the best tools that we can to help keep your account secure. By arming our users with an extra layer of security and additional account activity information, they can be more confident that their data is secure. ## [Two-Factor Authentication](http://docs.mongohq.com/security/mongohq-two-factor-authentication.html) MongoHQ now provides the option for users to [enable two-factor authentication](http://docs.mongohq.com/security/mongohq-two-factor-authentication.html) to gain access to their databases via the MongoHQ web application. This feature greatly enhances the protection around your MongoHQ account and substantially decreases the likelihood of unauthorized access to your databases via a username or password in the wild. [Enabling two-factor authentication](http://docs.mongohq.com/security/mongohq-two-factor-authentication.html) (2FA) is straight-forward and takes just a couple of minutes. It is one of the simplest ways to protect your MongoHQ account. MongoHQ two-factor authentication works with standard SMS and with all the popular authentication apps, including: · Google Authenticator · Authy · Duo Security **Ensure 100% compliance with team-enforced two-factor authentication** An additional feature of our two-factor authentication is that it allows the account owner for your account to enforce all users on the account to enable 2FA before being able to log back into the MongoHQ application. This is a quick and easy way to ensure that you have 100% adoption of this security practice in your organization. **Providers** For users of MongoHQ that access their web application through a provider portal, the provider regulates the procedure for authentication. In these scenarios two-factor authentication needs to be enabled at the provider level, so users will need to check with their provider to see if 2FA is an available option. [Read more about two-factor authentication and how to activate it](http://docs.mongohq.com/security/mongohq-two-factor-authentication.html). ## [Security Auditing](http://docs.mongohq.com/security/account-activity.html) The new security auditing tool allows you to [monitor your account activity](http://docs.mongohq.com/security/account-activity.html) with an audit trail of all successful and attempted events on your account. Information like this is valuable because it provides you with an easy way to monitor all the events that happen to your MongoHQ account and ensure that all are within the bounds of what you and your team expect. **Events that are monitored** - Login attempts (by IP address) to your MongoHQ account, including both successful and failed logins. - Adding/removing MongoHQ users to your account. - De-provisioning a database. - Adding/removing users on a database. - Changing the version of a database. - Issuing replica set state changes from the web interface. [Read more about our Security Auditing feature and how to access it](http://docs.mongohq.com/security/account-activity.html). ## [Questions](mailto:support@mongohq.com) If you have any questions about our new security features please contact [support@mongohq.com](mailto:support@mongohq.com)