Looking to keep your account secure? Follow these recommended best practices to make sure your information stays safe.
Plivo console security (for https://console.plivo.com)
- Choose a strong password that includes at least 8 characters: upper case, lower case, special character(s) and number(s).
- Enable two-factor authentication on your Plivo account (learn more by clicking here).
- Leverage role-based access controls when adding new users to the account (learn more by clicking here).
- Do not use a group email when registering a new account. We strongly recommend using an individual email for your Plivo account sign-up.
- Use an email that is monitored regularly so that you receive alerts or security notifications in a timely manner.
- Similar to your username and password, Auth ID and Auth Tokens are required to trigger SMS/calls. Auth Tokens should be treated as highly confidential and should not be published on open source platforms like GitHub.
- Enable “Geo Permission” under SMS -> Settings -> Geo Permissions to whitelist countries where your users will receive SMS notifications from you.
- Enable “View Content Authorization” under SMS -> Settings -> View Content Authorization to authorize the Plivo Customer Success team to view your SMS content, help you debug, and detect any fraud activity more effectively.
- Always redact incoming messages when creating a new application. Go to SMS -> Application -> Add new application -> Redact incoming messages when making API requests to Plivo SMS.
- Enable “Geo Permission” under Voice -> Settings -> Geo Permissions to whitelist countries where your users will receive voice calls from you.
- When creating a password for your trunk, choose a strong password with complexity: at least 8 characters, upper case, lower case, special characters, and numbers.
- Only whitelist the IPs from your PBX and be sure to update these IPs when the PBX IPs are changed.