Textline is making two security updates in the coming weeks to help our customers protect their accounts. While the Textline application has not been impacted, some customers' accounts have been compromised due to their reusing of passwords with other web applications. Unfortunately, this is a growing trend across the internet as more and more web app breaches occur and bad actors test the leaked credentials on other sites.

To help mitigate this, Textline will roll out:

Previously, Textline had this as a feature for admins to enable on their accounts, but due to the aforementioned spread of leaked credentials, multi-factor authentication will no longer be optional. MFA is a tried-and-true method of deterring bad actors, especially when credentials may be re-used across sites, as the MFA token is unique to each site.

Starting on June 12, 2024, any agent who does not have MFA configured must set it up before they can access Textline. We suggest you do this now by visiting your profile to set it up. By default, agents may use all 3 forms of MFA: authenticator app, SMS, and email. Any organization that wants to restrict which MFA options are available to their agents may do so in the authentication - security settings if their organization is on the Pro plan.

Another known method bad actors use is to log into a site with leaked credentials and wait for an opportune time to spring into action. Unbeknownst to the user, bad actors can lie in wait for hours, days, or weeks before making a move. Since this is a known method, Textline requires agents to sign in every so often (even as a configurable setting). However, we now need to add another tool to our arsenal: limiting concurrent agent sessions. This means that an agent can only log in to Textline once. If that same agent (or someone pretending to be that agent) logs in at some point later, the login session will be deactivated, and they will need to sign in again. This helps secure the agent's login by logging out anyone who may be lying in wait, but it can also alert the agent if someone else is successfully logging in to their account. If an agent feels as if they are being frequently logged out, we highly suggest changing their password and how their MFA token is delivered.

This change will be rolled out later in 2024. We suggest that if you are sharing your login with anyone else, you stop sharing and create other logins, if needed, as soon as possible as the release will not be announced.

While we know these changes are not the most convenient, security is a core tenet for Textline. We do not want to see accounts get compromised due to the lax security of other tools. It is vital to ensure our customers' security, as a breached account can also result in a phone number and its attached compliance settings being blacklisted. We appreciate you working with us to help secure your account and ensure trust in business texting.