Plivo’s best-in-class security features include real-time payment and usage alerts, two-factor authentication at login, and geo permission restrictions for its services. However, you must take some actions yourself to protect your account and account credentials.
How do I check whether my account has been compromised?
Plivo sends out an email alert each time someone logs in to your account from a new device. Plivo also sends payment receipts each time a payment attempt is made, for both successful and failed attempts. Check your account email inbox or spam folder and compare any of these email messages to your recent behavior.
Alternatively, you can log in to your account and check the payment section. You can also review your usage by navigating to individual product screens (voice, SMS, Zentrunk, etc.) from the Plivo console. Each screen will have a summary of recent usage that you can compare with your expected usage.
How should I protect my account if I find it has been compromised?
If you suspect your account has been compromised, Plivo recommends that you change your account settings immediately:
What practices should I follow to protect my account?
Follow the advice in our security best practices document. Specifically, Plivo recommends that users:
- Use a strong password with at least 12 characters and avoid sharing it with other users.
- Plivo offers role-based access control that you can use to share certain tasks for your account with other team members at your organization.
- If you must share credentials with multiple users, be sure to use a password manager.
- Plivo APIs require a valid Authentication ID and Token. Your Auth Token should be stored securely and in an encrypted format. Make sure only authorized personnel can access it and avoid sharing it over public networks, public GitHub repositories, and web servers.