At Maxio, we want to ensure that you have all of the tools necessary to properly secure your account. From secure passwords to 2FA, Advanced Billing gives you many layers of security options to protect your account.
To us, security is more than just protecting your account from unauthorized access. We’re protecting your financial information and, most importantly, your subscribers’ information. As a merchant, your subscribers entrust you with their credit card details. In turn, we stay up to date on a multitude of security practices to secure your data.
PCI Compliance
For more information on Advanced Billing’s current security compliance certifications, please visit our security center here.
If you’re interested in learning more about PCI compliance and SAQs, please see our documentation here.
Security Settings
From the Merchant Info menu, select “Security”.
After selecting “Security”, you have the option of requiring 5 types of security for your account. Please be aware that these settings are global. This means they will apply to all sites under your Merchant Account.
Require Secure Passwords
If enabled, any user you manage will be required to have a secure password. Any user with an insecure password will be required to set a new, more secure password.
A secure password is any password that is hard for humans or computer programs to detect. These types of passwords are typically case-sensitive. Using a strong password that contains letters in both uppercase and lowercase is highly recommended.
Two-Factor Authentication
If enabled, all of your Sites will require users of a Site to enable 2FA for their user account. A user will not have the option to disable 2FA for their individual user account.
If not enabled, each individual user has the option to enable two-factor authentication on their account. This is an added security option that requires you to enter a random number from your mobile phone each time you log in to Advanced Billing. It helps protect against lost or compromised passwords and is an emerging standard for increasing the security of sensitive applications (especially those in the financial industry).
We have partnered with security provider Authy to add two-factor authentication.
Important: The Authy app must be set up immediately after you enable two-factor authentication.
2FA: How to get started
After signing in to Advanced Billing, go to ‘My Profile’ (in the upper right corner). Select “Enable two-factor authentication”.
Enter your phone number:
You’ll receive a series of texts to get started and help you install the Authy app for your smartphone.
The Authy app is also compatible with Google Authenticator.
Again, before you continue, you must set up the Authy app once two-factor authentication is enabled. The Authy app provides a token code that you will use to access Advanced Billing.
2FA: Signing In
Whenever you go to sign in, you’ll be prompted to enter your Authy token code in order to access Advanced Billing:
Or, if you enabled ‘SMS fallback for Two-Factor Authentication’, the prompt will have an additional button:
2FA: Troubleshooting
If you lose your phone, need to reset the app, or have other questions, be sure to check the Authy FAQ.
If a user has no record of installing Authy on their device, then they will receive a code via SMS. We strongly recommend installing the Authy app because it’s more secure.
If you are having trouble signing in, please feel free to contact Maxio Support for help!
Enable SMS fallback for Two-Factor Authentication
If enabled, your users will be able to log in through 2FA using either SMS authentication or a token from the Authy app.
Please make sure that users are in control of their mobile phone numbers before enabling it.
If there are any issues receiving texts from Authy, please contact Authy for further assistance. Unfortunately, we cannot grant access to the account.
Force Password Change After 60 Days
- If enabled, any user you manage will be required to set a new password every 60 days.
- If not enabled, users will be able to use their given password without an expiration date.
Deny Password Reuse
- If enabled, when changing their password, any user you manage will not be able to use any of their previous 10 passwords.
- If disabled, users will be able to use previous passwords when updating their password.