Sign-in
Go to homeDocsAccount SettingsSecurity

Security

Buddy provides a series of features to keep your workspace and data safe from unauthorized access. A part of them is user-oriented, which means they are accessed from the user profile settings, whereas some are workspace-specific and restricted to the project owner and admins.

Project restrictions

These settings are available in the workspace Preferences and let you decide who can create new projects and add new users. By default, all restrictions are turned off.

Project restrictionsProject restrictions

If you are a workspace member, but cannot add projects or invite new users, please contact the workspace owner or admin to turn off those restrictions.

Password strength

By default, Buddy only accept logins of at least medium password strength. Administrators can turn on a setting that will force the workspace to accept strong password logins only.

Medium-strong password must contain at least:

  • 6 characters
  • one number
  • one letter
  • one special character
  • not more than 3 identical characters in a row

Strong password must contain at least:

  • 10 characters
  • one number
  • one uppercase letter
  • one lowercase letter
  • one special character
  • not more than 3 identical characters in a row

Two-factor authentication (2FA)

2FA provides an extra layer of security when logging into websites or apps. You can activate 2FA in your profile settings.

2FA switch location2FA switch location

Buddy offers two ways to set up 2FA: via SMS or an application like Google Authenticator or Authy.

2FA configuration2FA configuration

Recovery codes

Once the two-factor is activated, Buddy will produce a list of recovery codes. The codes can be regenerated at any time in your profile settings.

Make sure to print the codes and store them in a safe place or you will not be able to access the account in case your authentication device gets lost or damaged. ☠️☠️☠️

Recovery codes screenRecovery codes screen

Mandatory workspace 2FA

Workspace owners and admins can activate an option that will restrict users without active 2FA from logging in. The option is available in the workspace Preferences tab:

Mandatory workspace 2FA triggerMandatory workspace 2FA trigger

Developer API

Enabling the API lets you build your own apps and services and connect them with Buddy. The option is turned on by default in the workspace preferences:

Enable Developer API triggerEnable Developer API trigger

In order to use the API, you need an OAuth 2 token to authenticate. An example URL with the token looks like this:

https://api.buddy.works/user?access_token=000e0e00-00ba-0000-0a0b-c0b00000a0a0
$
Sign up for Buddy Digest

Best practices on CI/CD and fresh changelogs delivered weekly to your inbox.