The CoachAccountable Blog

Last week we got an earnest inquiry Andrew Hinkelman of Priority 1 Group that was very simple:

Do you offer multifactor authentication (MFA) for client credentials/login? If so, I assume one factor could be a code sent via text message?

When Morgan replied the truth of the matter, no we do not, we got back:

Is multifactor authentication on your roadmap? If so, roughly when?

Well, at the time it really wasn’t.  Morgan let him know the full scoop, and got back the following:

I’m an executive coach working with leaders in tech. I’m also a recent CTO and managed a team responsible for information security. So… I think not having an additional authentication factor is a deal-breaker for me. I simply cannot direct my corporate clients to use a SaaS service that is not hitting baseline security measures and expect them to use the platform for sharing/storing our 1:1 coaching work.

I really loved everything else I saw about coach accountable so I’m bummed to have to restart my search…

“Not hitting baseline security measures?!?”  Well now, that’s really throwing down the gauntlet, isn’t it? :)

And far be it for me to make Andrew have to restart his search!

In truth, adding 2-factor authentication isn’t terribly hard, ESPECIALLY if we skip over authenticator apps and just start with SMS-based.  CoachAccountable is already set up to transact via SMS in countries that represent over 90% of our users.

I’ve had MFA come up as a request a few times over the last several years (expressed interest has been really quite rare, actually).  I didn’t jump on cooking up SMS-based 2FA on account of cutting edge security researcher reports that SMS was technically not a fully secure channel, owning to the possibility of various SIM card attacks and other niche weaknesses.

But really that was an instance of me letting perfect be the enemy of good.

The fact remains that even humble SMS-based second-factor authentication is a practical step up: in a world where defense-in-depth matters (and indeed it does, for we don’t ALL live in a spy movie being targeted by nation state actors), even mostly secure measures make a meaningful difference!

So I’m happy to report CoachAccountable now supports 2-Factor Authentication over SMS, i.e. for all our users in the US, Canada, UK and Australia¹.  Let’s see how it works!

» Continue reading “2-Factor Authentication via SMS”

CoachAccountable calendar sync now has a big leg up for those clients who just can’t be bothered to actually set any of it up.

For a long time now, it’s been the case that both coaches and their clients can sync their calendar of choice (be it Google, Outlook, or Apple) with CoachAccountable.  This enables CA to automatically add whatever appointments get scheduled to the calendar of choice and, in the case of coaches, read their availability for the sake of avoiding double booking.

This is great for both parties, and, on account of the whole double-booking-avoidance thing, is especially a win for coaches.

But sometimes clients can’t be bothered.  For some it’s an extra step that they just don’t (or won’t) get around to.  For others it might be concerns over security, sometimes based on corporate IT policy or the like, that make full-on calendar sync a non-starter.

As an alternative to full-on calendar sync, CA has long supported the ability to subscribe to ICS calendar feeds.  But that too puts the impetus on clients to actually set it up.

Enter calendar invites via email

As a solution to the hurdle of clients needing to actually do something for your coaching appointments to appear in their calendar, CA now provides for a robust (yet totally passive) approach.  Clients can now receive calendar invites by email for all appointments you schedule with them, meaning those appointments will be automatically added to their calendar as those email notifications are received.

Likewise, calendar invites can also describe (and affect) changes to previously scheduled appointments, namely rescheduling and canceling.

» Continue reading “Calendar Sync via Email Invites”

The impetus for this instance of delightful collaboration came as a simple question.

In wanting the experience of doing her Courses to be a smooth as possible for her clients, Katharina Hille asked:

When I set up a new action for a client, the clients gets an email with a link (“View this online”) that brings him/her directly to the corresponding action.

But when I design a course I can only add a general login-link. Therefore I have to explain to new clients, that they have to got to “Actions” etc…

Is it possible to add this “View this online”-link in courses also?

I sat with this question for a little while, realizing how perfectly reasonable and natural the request was.  After all, one of our express aims in the design of CoachAccountable is to remove every last bit of friction from the client experience that we possibly can, making it as easy and seamless for them to show up for the life-changing work they’re engaged in.

So put in those terms, Katharina was absolutely right: if she (or anyone else!) needs to explain to clients how to find a given item in their system (when they could’ve been simply taken right to it), that’s a problem, or at best, a real missed opportunity on CA’s part.

With Course Pages, a login link in the notification email for a new section of the course has the spiffy behavior of taking clients directly to that section of that course.  “Brilliant!”, I thought, “I’ll just extend that ‘go-right-to-the-item-in-that-course-page’ behavior to items of all types [for page-enabled Courses]!”

So I did!

And it was good.

And then I realized Katharina wasn’t using Course Pages at all in her Courses.  Therefore that spiffy enhancement, though a step forward, would be meaningless to her use of the system.

Now since the beginning of CoachAccountable Courses, the login link for notification emails about Course Worksheets took clients right to that Worksheet, so a client was always just one click away from being able to work on it.  Course Files have also always been similarly accessible from the notification email.

So really what Katharina was asking for was to extend this spiffy behavior to the other types of Course Items, namely Actions, Metrics and Whiteboards.

And this is now done: [loginLink] magic tags in notification emails for Course Actions, Metrics and Whiteboards now just work better for everyone, no changes to the design of any Course required.  A nice win for all!

Thank Katharina for asking the question in the first place, coming from an understanding that those links could (and should) be better.  Sharing that little bit of perspective–the slog that is having to explain more to new clients–was a real gift, one that made clear the right thing to do to make CA better for all.