Security is Bugcrowd’s top priority. We are continuously exploring new ways to secure our users’ personal information and the vulnerability data that lives in our platform, and securing that data starts with securing how it’s accessed. That’s why, starting today, you can now view and manage all of your active sessions on Crowdcontrol through a simple interface enabling you to identify potentially fraudulent activity.
The Active sessions interface will let you view the browser, operating system, IP address, and recent activity for all of your account’s sessions. Additionally, you can immediately revoke any session with a click of a button. If you see a session you don’t recognize, revoke it immediately and contact Bugcrowd support if you believe your account may have been compromised.
Our goal is to ensure that you’re always in full control of your (and your organization’s) data. To that end, you will now be prompted to reauthenticate with a password (or, if your organization requires it, through your SSO provider) when attempting to view or change sensitive data.
For your convenience, your sessions will now last indefinitely, and you’ll retain access to perform non-sensitive actions (like viewing a program brief or submitting a vulnerability) without reauthenticating.
In the coming months, expect to see more session management features, including improved alerting and improved two-factor authentication functionality. In the meantime, keep an eye on that Security tab, and stay safe out there.