Best practices for account security
Enabling two-factor authentication (2FA)
Each user that you add to your Buffer organization will have their own unique login. To ensure the security of your accounts, we encourage you and your users to enable two factor authentication, which adds an extra layer of security to your Buffer account. When 2FA is applied, whenever you log into your account, you'll first be asked for your username and password, and then you'll be asked for a second authentication code. Two-factor authentication codes can be generated either via text message (SMS) or an authentication app, such as Google Authenticator or Authy (available on iOS and Android).
If you're not sure which option to go with (SMS or an authentication app), feel free to do some research. There are some articles, such as this one from CNET, that recommend authentication apps as the most secure. However, we encourage you to make your own choice on the best way to go.
Managing billing details
All Admins can manage the billing details within your Buffer dashboard, so it’s best to be cautious about who is given Admin permissions.
Who has accessed my account?
While Buffer Customer Advocates will be able to see the IP addresses of the devices that logged into your account up to two weeks ago, it's important to note that if someone is currently logged in, their information won't be detectable.
If you believe someone currently has access to your account, immediately take these steps:
- Change your password via your account settings here: https://account.buffer.com/. This article explains more: Changing your email address or password
- Enable two-factor authentication (2FA) to provide you with an additional layer of security. You can do that from your security settings here: https://publish.buffer.com/preferences/security. This article explains how to do this: Enabling two factor authentication