[Publish] Best practices for account security
IN THIS ARTICLE
Disabling Social Sign-In to prevent team members from accessing your master Buffer Publish account
Buffer Publish has a feature called Social Sign-In, which allows you to quickly log into your account via your Twitter, Facebook, or LinkedIn account. If you have the login credentials for one of these platforms, you would also have access to the Buffer Publish account that they are connected to.
It's important to note that if any of your team members has the login details for one of these platforms, they would be able to access your master Buffer Publish account, since they'll be able to log in using Social Sign-In. They would be logged into your account, and therefore have access to perform all Admin functions.
To disable Social Sign-In, head to My Account > Access & Password and then toggle the switch to Off.
Enabling 2-Step Login (a.k.a. 2-factor authentication or 2FA)
Each team member that you add to your Organization will have their own unique login. To ensure the security of your accounts, we encourage you and your team members to enable 2-Step Login, which adds an extra layer of security for your Buffer Publish account. Whenever you log into your account, after entering your username and password, you'll be asked for a second authentication code, which can either be delivered via SMS, or accessed via Google Authenticator (available for iOS and Android).
To check if your team members have 2-Step Login enabled, head to Admin > Team Members. You'll see a list of all team members, and either "Enabled" or "Not Enabled" will be shown under the 2-Step Login column.
Managing billing details
To ensure that billing details remain secure, and subscriptions are not altered without the correct authorization, only the account owner is able to access the Billing area, which is found under My Account > Billing. Because of this, it's important to consider who the account owner should be, and which email address is used. We recommend using an email address that is actively monitored, since failed payment alerts, and other important emails, will be sent to that address.
If the account owner is leaving the Organization, please get in touch with us at firstname.lastname@example.org so we can transfer the account ownership to somebody else within your team.