Security

The Security section provides an overview of the security features and best practices for our self-hosted status page software.

Two-Factor Authentication (2FA)

Our self-hosted status page supports security standards such as Two-Factor Authentication (2FA) to enhance account security. We strongly recommend utilizing this feature to secure your account effectively.

Two-Factor Authentication adds an extra layer of security by requiring a second authentication method in addition to your password. This can be an OTP (One-Time Password) generated by an authentication app like Google Authenticator or a text message (SMS) sent to your mobile phone. By utilizing 2FA, even if an attacker gains knowledge of your password, they would still need to overcome an additional authentication method to gain access to your account.

To configure and enable Two-Factor Authentication, all created users can navigate to their profile page at /user/profile. There, they will find the necessary settings and options to set up 2FA. We recommend using an authentication app as it provides a more secure option compared to SMS-based 2FA.

Enabling Two-Factor Authentication helps protect your account and contributes to preventing unauthorized access.

Private-Page Feature

Our status page software offers a powerful Private-Page feature that allows customers to secure their status page from unauthorized access, even if it is publicly hosted. This feature is especially useful when the status page is intended for internal use or limited to specific team members.

By enabling the Private-Page feature, customers can restrict access to their status page, ensuring that only authorized individuals or internal teams can view the status updates and incident details. This provides an added layer of privacy and control over who can access sensitive information regarding service disruptions or incidents.

To configure the Private-Page feature, customers can access the administrative settings of the status page and enable the private mode. They can then manage user access by specifying user roles or granting access to specific email domains or IP addresses. This granular control allows customers to tailor the access permissions to meet their specific needs.

By utilizing the Private-Page feature, customers can maintain the confidentiality and integrity of their status page, ensuring that only the intended audience can view and monitor the service status. This feature is particularly beneficial for organizations that require internal status updates or have specific privacy requirements for incident reporting.

Please note that enabling the Private-Page feature requires administrative access to the status page and careful consideration of user access and permission management.