This is our second post in a series explaining the security practices we are implementing at Openprovider and offering guidance and tips you can follow.
In the previous post, we discussed how to protect individual contacts for the Openprovider reseller control panel. Basically, the main advice is to:
- Use strong and unique passwords. Make sure you use unique passwords for each of your accounts, whether they are for business or personal use.
- Change your passwords regularly.
- Always use two-factor authentication.
In this blog post we offer some advice for managing your contacts, in order to maintain the security of your reseller account in general (RCP and API). The following steps should be part of a regular security audit.
is a good time to start:
- Log in to the RCP with an admin contact, and review the list of current contacts to make sure contact data, especially email addresses, is correct and up to date with employment status. Delete all obsolete contacts.
- Make sure that each contact is used by only one person, and create additional accounts if needed.
- Disable API access for each contact where it’s not needed. Usually only one account is needed for each integration.
- Make sure that all contacts have two-factor authentication enabled, and educate your staff on its importance and how to use it.
- Consider using the IP whitelist functionality to limit RCP and API access to only IP addresses in your network. Developers working from home can access the RCP/API using a VPN.
Path: RCP -> Account -> Account Overview -> select a contact and click Edit.
- Consider using a password manager, like 1Password or LastPass, which lets you conveniently use strong and unique passwords.
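The audit steps above can also be run as a repeatable check over a list of your contacts. The script below is an added example, not Openprovider code: the CSV layout, its column names, the sample rows and the `max_hosts` threshold are all assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample data. The column names are hypothetical,
# not an Openprovider export format.
SAMPLE_CSV = """\
email,active_employee,two_factor,api_access,integration,ip_whitelist
alice@example.com,yes,yes,no,,198.51.100.0/24
bob@example.com,no,yes,no,,198.51.100.0/24
billing-api@example.com,yes,yes,yes,billing,198.51.100.17/32
carol@example.com,yes,no,yes,billing,
dave@example.com,yes,yes,no,,0.0.0.0/0
"""

def audit_contacts(csv_text, max_hosts=65536):
    """Return {email: [findings]} for contacts that fail a checklist item."""
    findings = defaultdict(list)
    api_users = defaultdict(list)  # integration name -> API-enabled contacts
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["email"]
        if row["active_employee"] != "yes":
            findings[email].append("obsolete contact: delete")
        if row["two_factor"] != "yes":
            findings[email].append("two-factor authentication disabled")
        if row["api_access"] == "yes":
            if row["integration"]:
                api_users[row["integration"]].append(email)
            else:
                findings[email].append("API access with no integration: disable")
        # Several ranges may be given, separated by ';'.
        ranges = [r.strip() for r in row["ip_whitelist"].split(";") if r.strip()]
        if not ranges:
            findings[email].append("no IP restriction")
        for r in ranges:
            try:
                net = ipaddress.ip_network(r, strict=False)
            except ValueError:
                findings[email].append(f"invalid range {r!r}")
                continue
            if net.num_addresses > max_hosts:  # threshold is an assumption
                findings[email].append(f"range {net} is too broad")
    # Usually only one API-enabled contact is needed per integration.
    for integration, emails in api_users.items():
        for email in emails[1:]:
            findings[email].append(f"extra API contact for integration {integration!r}")
    return dict(findings)

if __name__ == "__main__":
    for email, issues in audit_contacts(SAMPLE_CSV).items():
        print(email, "->", "; ".join(issues))
```

Whether one login is shared by several people cannot be read from such a list, so that item still needs a manual review.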