How to protect your account credentials


It is very important that your ExoClick account is kept secure. Two-factor authentication is key, but there are also some additional things you can do for added security. In this blog post we show you some best practices you can follow to ensure your account credentials are protected.

1 – Enable Two-factor authentication on your ExoClick account

This is the first and one of the most important things to do. Two-factor authentication (2FA) is a highly efficient way to secure your accounts and digital assets. It works as an extra layer of security to better protect your user credentials.

It is easy to set up in your admin panel; you can follow this tutorial. It requires two factors: factor 1 is your account email, factor 2 is your mobile phone.

Once you have set up 2FA, each time you want to access your account you will need to provide not only your password but also a token, which is a code that will be automatically sent to your mobile phone when you try to log in. You will receive the token code via SMS on the mobile phone number you previously registered. Now simply enter the token code into the field on the device you are using to log in to your account. This confirms that you are actually you and that you have access to your ExoClick account.

The tutorial also includes information on how to use ExoClick’s 2FA with multiple users on your account.

2 – Password tips

Hackers use specific software that goes through millions of dictionary words and searches for multiple character combinations. Potentially weak passwords are a security issue. These are some examples that you should definitely avoid:

  • Don’t use dates, names, or places that could be found in public records posted online or scraped off social media accounts. Avoid your birthday, pet names, partner names, nicknames, etc., all of which a hacker can source from your social media accounts.
  • If you have had any personal email or social media accounts hacked, change your password immediately.
  • Don’t use obvious sequences of characters, such as:
    • Adjacent letters and numbers on an English keyboard: qwerty123, qazxswedcvfr
    • Consecutive symbols !@#$%^&*.
    • Consecutive numbers 123456
    • The same number repeated 11111
  • Don’t use words that can be found in the dictionary, even if some of the vowels have been changed into numbers. Even if baseball, princess, or dragon seems random to you, they are not. Those words and more are commonly found among leaked passwords in data breaches.
  • Don’t use any string of characters that appears on a list of the most common passwords.
  • Do follow Google’s recommendations: Long passwords are stronger, so make your password at least 12 characters long. These tips can help you create longer passwords that are easier to remember. Try to use:
    • A lyric from a song or poem
    • A meaningful quote from a movie or speech
    • A passage from a book
    • A series of words that are meaningful to you
    • An abbreviation: Make a password from the first letter of each word in a sentence
  • Use a random password generator such as https://passwordsgenerator.net/
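
The rules in the list above can be checked automatically before a password is accepted. The following Python sketch is an added example, not ExoClick's code: the word list and keyboard runs are small constructed samples, and all function names are illustrative. It also generates a random password locally with Python's `secrets` module.

```python
import re
import secrets
import string

MIN_LENGTH = 12  # minimum length recommended in the post
# Constructed sample list; a real check would load a full common-password list.
COMMON_WORDS = {"baseball", "princess", "dragon", "password", "letmein"}
# Character runs to reject: keyboard rows and columns, shifted digits, alphabet.
RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", "!@#$%^&*()",
        "qazwsxedcrfvtgbyhnujm", "qazxswedcvfrtgbnhyujm",
        "abcdefghijklmnopqrstuvwxyz"]
LEET = str.maketrans("013457@$", "oieastas")  # digits/symbols swapped for letters

def has_run(pw, n=4):
    """True if any n consecutive characters follow a listed run, in either direction."""
    low = pw.lower()
    chunks = (low[i:i + n] for i in range(len(low) - n + 1))
    return any(c in r or c in r[::-1] for c in chunks for r in RUNS)

def is_common_word(pw):
    """True if the password is a listed word after undoing simple substitutions."""
    low = pw.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)  # drop leading/trailing digits, symbols
    return any(s.translate(LEET) in COMMON_WORDS for s in (low, core))

def weaknesses(pw):
    """Return the list of rules from the post that the password breaks."""
    found = []
    if len(pw) < MIN_LENGTH:
        found.append("shorter than 12 characters")
    if has_run(pw):
        found.append("keyboard or consecutive sequence")
    if re.search(r"(.)\1{3,}", pw):
        found.append("repeated character")
    if is_common_word(pw):
        found.append("common or dictionary word")
    return found

def generate_password(length=20):
    """Generate a random password with the OS CSPRNG, retrying on a flagged result."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(pw):
            return pw

if __name__ == "__main__":
    for sample in ["qwerty123", "qazxswedcvfr", "11111", "Pr1nc3ss!", generate_password()]:
        print(repr(sample), weaknesses(sample) or "no listed weakness")
```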

3 – Set a Unique Password per account

A common practice is to use the same password across several different accounts. That is not a good practice: duplicate passwords are extremely risky, especially when it comes to phishing attacks. Hackers who breach one of your accounts will use the same credentials to access other accounts such as email providers, social media, streaming services, etc.

To prevent this, it is highly recommended that you never use the same password for more than one account. Use unique passwords instead.

4 – Use a password manager

An easy way to have all your passwords under control is to use a password manager. Bitwarden is a free, open source tool that is easy to use. It allows you to access your sensitive information from anywhere on any device and ensures that you aren’t reusing passwords.

5 – Change shared credentials when a business relationship expires

We strongly suggest you make this a common practice: change passwords when an employee leaves the company, or when you stop working with a 3rd party company that shares, for instance, your passwords or API Tokens. Remember that you can create/remove and enable/disable API tokens in your Admin Panel account, so that former employees or 3rd party companies cannot log in to your business accounts and your data does not get compromised. For more information on how to use ExoClick’s Platform API v2 and set the API Token, check out our ExoClick Documentation.

6 – Check for Password leaks annually

Additionally, it is really important to check if your password has been leaked at least once a year. You can use these sites that will allow you to identify if this has been the case:

Juanma Cortes