Security

At Maxio, we want to ensure that you have all of the tools necessary to properly secure your account. From secure passwords to 2FA, Advanced Billing gives you many layers of security options to protect your account.

To us, security is more than just protecting your account from unauthorized access. We’re protecting your financial information and, most importantly, your subscribers’ information. As a merchant, your subscribers entrust you with their credit card details. In turn, we stay up to date on a multitude of security practices to secure your data.

PCI Compliance

For more information on Advanced Billing’s current security compliance certifications, please visit our security center here.

If you’re interested in learning more about PCI compliance and SAQs, please see our documentation here.

Security Settings

From the Merchant Info menu, select “Security”.

Select security settings from your account information


After selecting “Security”, you have the option of requiring 5 types of security for your account. Please be aware that these settings are global. This means they will apply to all sites under your Merchant Account.

Select which security options to apply to all sites

 

Require Secure Passwords

If enabled, any user you manage will be required to have a secure password. Any user with an insecure password will be required to set a new, more secure password.

A secure password is any password that is hard for humans or computer programs to guess. These types of passwords are typically case-sensitive. Using a strong password that contains letters in both uppercase and lowercase is highly recommended.

Two-Factor Authentication

If enabled, all of your Sites will require users of a Site to enable 2FA for their user account. A user will not have the option to disable 2FA for their individual user account.

If not enabled, each individual user has the option to enable two-factor authentication on his/her account. This is an added security option that requires you to enter a random number from your mobile phone each time you log into Advanced Billing. It helps protect against lost or compromised passwords and is an emerging standard for increasing the security of sensitive applications (especially those in the financial industry).

We have partnered with security provider Authy to add two-factor authentication.

Important: The Authy app must be set up immediately after you enable two-factor authentication.

2FA: How to get started

After signing in to Advanced Billing, go to ‘My Profile’ (in the upper right corner). Select “Enable two-factor authentication”.

Select the option to enable 2FA on your user account

 

Enter your phone number:

Enter your phone number for authentication

 

You’ll receive a series of texts to get started and to help you install the Authy app on your smartphone.

The Authy app is also compatible with Google Authenticator.

Again, before you continue, you must set up the Authy app once two-factor authentication is enabled. The Authy app provides a token code that you will use to access Advanced Billing.

Example screenshot from Authy, showing Advanced Billing token

 

2FA: Signing In

Whenever you go to sign in, you’ll be prompted to enter your Authy token code in order to access Advanced Billing:

Enter your token code from your Authy app

 

If you enabled ‘SMS fallback for Two-Factor Authentication’, the prompt will have an additional button:

Enter your token from your Authy app

 

2FA: Troubleshooting

If you lose your phone, need to reset the app, or have other questions, be sure to check the Authy FAQ.

If a user has no record of installing Authy on their device, then they will receive a code via SMS. We strongly recommend installing the Authy app because it’s more secure.

If you are having trouble signing in, please feel free to contact Maxio Support for help!

Enable SMS fallback for Two-Factor Authentication

If enabled, your users will be able to log in through 2FA using either SMS authentication or a token from the Authy app.

Please make sure that users are in control of their mobile phone numbers before enabling it.

If there are any issues receiving texts from Authy, please contact Authy for further assistance. Unfortunately, we cannot grant access to the account.

Force Password Change After 60 Days

  • If enabled, any user you manage will be required to set a new password every 60 days.
  • If not enabled, users will be able to use their given password without an expiration date.

Deny Password Reuse

  • If enabled, when changing their password, any user you manage will not be able to use any of their previous 10 passwords.
  • If disabled, users will be able to use previous passwords when updating their password.