Best practices for Buffer account security

Enabling two-factor authentication (2FA)

Each user that you add to your Buffer organization will have their own unique login. To keep your accounts secure, we encourage you and your users to enable two-factor authentication, which adds an extra layer of security to your Buffer account. With 2FA enabled, each time you log into your account you'll first be asked for your username and password, and then for a second authentication code.

Recovery codes are single-use, and you'll get an email any time one is used, so be sure to save the new code after each use, and treat the email as a security alert if it wasn't you.

Two-factor authentication codes can be generated via an authentication app such as Google Authenticator or Authy (available on iOS and Android).

Admins on Team plans can also require 2FA for every member of their organization from their Team Settings. Learn how to require 2FA for your team.

Note: We recommend using an authentication app instead of SMS/text. If you're not in cellular reception (e.g., working on an airplane, or in a remote area), your code will not reach you via SMS, but you can use authenticator apps whenever you're connected to Wi-Fi. Read more about authentication apps from CNET here.

Managing billing details

All Admins can manage the billing details within your Buffer dashboard, so it’s best to be cautious about who is given Admin permissions. 

Who has accessed my account?

While Buffer Customer Advocates will be able to see the IP addresses of the devices that logged into your account up to two weeks ago, it's important to note that if someone is currently logged in, their information won't be detectable. 

If you believe someone currently has access to your account, immediately take these steps:
