Q: How do I reset my password?
You can reset your password in your Slack profile settings. In addition, team owners and administrators can now easily reset passwords for an entire team at once using our new password kill switch feature.
If your Slack team uses single sign-on (SSO) you do not need to reset your password as we do not store passwords for users with this feature enabled.
Q: Why are you releasing Two Factor Authentication now? Why not earlier?
Two Factor Authentication has been in development for the last few months. It is a complicated change which requires additional support resources, administrative capabilities, changes to all applications, mobile and desktop, and extensive testing. We were about a week from release, with just a few small UI tweaks to simplify and clarify the usage experience.
We have decided to release it immediately, despite the remaining bits of clunky-ness: the feature works and it does provide a significant new level of protection against unauthorized access to your Slack account. We will be improving this feature in future releases but the feature functionality is what is most important right now.
Q. What are you doing to prevent additional breaches?
We cannot overemphasize how seriously we take this incident and the importance we place on the security of your information in the broadest sense, from internal compliance processes, audits and physical access control to continual review of our systems design and approach to technical operations.
We have launched Two Factor Authentication and additional administrative security tools to help users and teams better manage the security of their own accounts. You can expect to hear more about new security initiatives and features in Slack and you can count on our commitment to the ongoing investment in and prioritization of Slacks security.
Q: Were my messages taken/read/accessed?
If you have not been explicitly informed by us in a separate communication that we detected suspicious activity involving your Slack account, we are very confident that there was no unauthorized access to any of your team data (such as messages or files).
Q: Who can I reach if I have additional questions?
If you have questions outside of those covered here please contact firstname.lastname@example.org.