Dear Confirmo users,
we are back with a new tutorial to make your Confirmo experience as good as possible. And today mostly about how to make it as secure as possible. We are going to talk today about securing your account and what tools we prepared for you to do so. Since we work with money here, I can’t emphasize enough how important these rules and tools are.
Setting up accounts and their security
You can use multiple logins with different restrictions. We are going to describe these in the next article. But as obvious as it may seem, this is the first line of defense and you should not be neglected. Please use a strong password, have your login email well secured, and rather create a restricted sub-account for your staff, instead of sharing the master account login.
Google authenticator – 2FA
The best way to keep your account impenetrable even in case someone overtakes your email is to set-up two-factor safety on login. It is as simple as installing Google authenticator app to your mobile device and pairing it with your Confirmo account in Settings – Security menu. The attacker then has to have not only access to your email but also your unlocked mobile device. Without it, it is not possible to even log-in.
Callback password
This feature can be also found in the Settings – Security menu. It hashes the communication between your and our servers. Rendering it virtually impossible to read for any third party that would try to sniff the webhook traffic between Confirmo and your API. Please note that this has to be set-up on both sides upon enabling as well as disabling it, otherwise your API won’t recognize these hashed webhook calls.
If you did not enable any of these yet, we recommend doing so as soon as possible. Also, we are doing our best to keep your account safe from our side daily and we will carry on of course.
And if you miss any security features, don’t hesitate to contact us with your ideas and suggestions.
Stay safe and see you next time!