Helpshift knows you care about securing your Dashboard to protect your support team and user data. This is why we’ve provided an array of resources and best practices to allow you to increase the security of your Dashboard.
Have your team members create strong passwords and update them frequently
As of September 2018, Helpshift requires that all Dashboard passwords meet the following standards:
- Contain at least one uppercase letter (A-Z)
- Contain at least one lowercase letter (a-z)
- Contain at least one number (0-9)
- Contain at least one special character
- Be at least 8 characters long
This is to ensure that all team members create strong passwords that will not be easily guessed or revealed by brute force attacks.
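The five requirements above can be checked before a password is ever submitted, for example in an onboarding script. This is an added example, not Helpshift code; the rule ids, the function name `unmet_rules`, and the reading of "special character" as ASCII punctuation are assumptions, since the page does not define the accepted set.

```python
import string
from typing import List

MIN_LENGTH = 8  # minimum length stated on the page

# One (id, predicate) pair per requirement listed on the page.
# Assumption: "special character" = ASCII punctuation (string.punctuation).
# Whitespace and non-ASCII symbols are deliberately not counted, because the
# page gives no indication that the Dashboard accepts them as "special".
RULES = [
    ("uppercase", lambda p: any(c in string.ascii_uppercase for c in p)),
    ("lowercase", lambda p: any(c in string.ascii_lowercase for c in p)),
    ("number",    lambda p: any(c in string.digits for c in p)),
    ("special",   lambda p: any(c in string.punctuation for c in p)),
    ("length",    lambda p: len(p) >= MIN_LENGTH),
]


def unmet_rules(password: str) -> List[str]:
    """Return the ids of every requirement the password fails, in page order."""
    return [rule_id for rule_id, check in RULES if not check(password)]


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ["Tr1ckyPass!", "password", "Ab1!", "Passw0rd 1"]:
        failed = unmet_rules(candidate)
        status = "ok" if not failed else "fails: " + ", ".join(failed)
        print(f"{candidate!r:15} {status}")
```

Reporting every unmet rule at once, rather than stopping at the first, lets a team member fix the password in one pass.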
If a team member fails to enter the correct password after several attempts, they will be prompted to complete a CAPTCHA to verify that they are an authentic user.
We strongly recommend having your team members frequently update their passwords, avoid using the same password that they currently use for other accounts, and avoid reusing old passwords that they have used before.
Implement a Single Sign-on (SSO) integration (add-on feature)
Our OneLogin and Okta SSO integrations allow you to effectively manage access to your Dashboard using a secure and unified identity management system. This enables you to provide ease of access, prevent common weak points, and easily block credentials for a removed team member.
Review these guides to get started with one of our SSO integrations:
Never share accounts or give out personal account information (even within your team)
To minimize the security risks for your team, have each team member create individual, unique passwords for their Dashboard accounts. Avoid using shared or standardized passwords, and discourage your team members from sharing passwords with one another.
Hackers may use social engineering techniques to pressure people into granting access to a secure account in your Dashboard. For example, they may contact your support team to claim there’s been a security breach and that your password needs to be reset immediately to some text that they provide.
Some hackers have tools that enable them to spoof email addresses to impersonate users from legitimate email domains. As a result, what appears to be a legitimate email request from a user may not be from that actual address. If someone who claims to be an administrator or user of an account contacts you, you should take steps to independently verify their identity (for example, by calling them).
When in doubt, never provide any sensitive information or make account changes on someone else’s behalf. Legitimate users can manage their account via the steps in this FAQ: How do I manage my Account Settings?
We strongly recommend that you educate your support team about these security risks, and also consider creating a security policy that everyone knows and can refer to when these incidents occur.
If a team member has lost their password, simply use the ‘Forgot my password’ link on the login page. A link to reset their password will be sent to their email address, which is already securely associated with their Helpshift account. For more details, see What do I do if I forgot my account password?
If a team member needs to update the email address on their account, see How do I change my account email?
Helpshift employees will never ask for your password. If you receive an email that appears to be from Helpshift that asks for your password, do not reply to the email and contact our support team to let us know.
Limit the number of Admins on your team
Admins in Helpshift have the ability to make drastic and sometimes permanent changes to your Dashboard, including the deletion of apps, platforms, and other team members. Limiting the number of Admins in your Dashboard decreases your security risk by preventing unauthorized actions that cannot be reversed.
The Agent and Supervisor roles provide a reasonable level of access to the Dashboard, including the ability to manage Issues and FAQs. To learn more about the differences in privileges between Admins, Supervisors and Agents, see What are the different roles in Helpshift?
Please note that Helpshift automatically notifies a team member when their role has changed by sending them an email confirmation. To learn how to update your team members' roles, see How do I invite my team members as Agents, Admins, and Supervisors?
Regularly review your team in the Dashboard and remove unnecessary team members
It is considered a best practice to regularly review the list of team members in your Dashboard to ensure that no unauthorized Admins or Agents have been added. You may do so as an Admin by navigating to the Settings > Teams (under Workflows) page.
To learn more about what happens when a team member is removed, see How do I remove an Agent, and what will happen to their Issues if I do?
For more information on security and privacy at Helpshift, review the following: