Protecting users from control panel abuse
Back to top
We take security seriously. To help demonstrate this, here are a few features we provide as standard within our control panels for resellers and users. Behind the scenes our support, development and network teams work around the clock to ensure that we continue to deliver a secure and trusted environment across all our platforms.
Two Factor Authentication (2FA) provides an additional dimension to portal security. No longer can you access the portal armed with knowledge of a password, a second step which requires you to have an additional authorised device be present. Although may sound that we're slowing down the logging in process, the additional time spent can be no more than a few seconds, but the ability to keep would-be fraudsters out of confidential information can be immeasurable.
2FA is not enforced as standard. It is an option available to all resellers for their own use, as well as their customers. Availability can be enforced for particular portal user types (eg Reseller Users, Customers, Customer Plus etc), offered as optional, or not shown at all. Should a user lose their second level of authentication a reseller can disable it, allowing the user to re-apply upon their next successful login via password authentication.
To login to the control panel you would be presented with a username and password box as normal. Enter your standard username and password in, this is no different to before.
The generation of a unique 6 digit session code can be accessed via a number of free applications you can get for mobile devices or via browser plugins.
Enter the code into the next stage of the control panel login. As long as the code is correct and hasn't expired, access is granted.
We're all guilty of forgetting to logout of a control panel or portal. Some applications, such as with banking have very strict rules on session length, and for day-to-day access to our portal such short sessions would be unworkable. We provide resellers the ability to specify the standard session length for both themselves, and their customer control panels. This includes session lengths for 'remember me' functions to keep security in the forefront of all users minds and not to allow complacency or laziness to creep in.
Strong passwords, applied from the start, is a good path to long term security on an account. Dictionary attacks are all too common, so when password choices are required, strength meters and random password generators are at hand to ensure that you don't allow easy access to an account.
We have powerful logging in place which help show users access to the control panel. It shows who logged in, when, pages viewed, actions taken and from which IP address. We hope that by providing this visibility that unauthorised access or actions can be quickly identified. Likewise, should you need to go back and understand who actioned a change, you can do as there are no time limits to how long we retain this information for.