What are the recommended smsmode's security best practices?

To effectively protect your smsmode account against unauthorized access, brute force attacks, and data breaches, we recommend implementing these security best practices for you and your users:

1) Enable Two-Factor Authentification (2FA) :

• Activate 2FA using Authentificator App (Google Authentificator, Authy or hardware keys like Yibikey on all accounts).
• Avoid SMS-based 2FA for critical accounts (SIM swapping risk)
• Configure offline recovery codes and store them securely.

2) Configure Single Sign-On (SSO):

• Use supported Identity Providers: Okta, Azure AD, Google Workspace, Auth0
• Enable SSO to centralize authentication and enforce strong password policies
• Benefit: single secure login for all your services with enterprise-grade security

3) Password Management:

• Use passwords of 16+ characters (uppercase, lowercase, numbers, symbols)

• Change passwords every 90 days or immediately after suspected compromise
• Never reuse passwords across multiple services
• Use a password manager (Bitwarden, 1Password, LastPass)

4) Account Protection Limits:

• Configure a daily credit consumption limit appropriate to your needs

• Enable IP whitelisting to restrict connections to your company's IP addresses
  
  

5) User and Role Management:

• Apply the principle of least privilege (least privilege)
• Create users with limited roles
• Immediately deactivate accounts of former employees
• Enable user activity notifications

For your information, smsmode is ISO 27001 and GDPR compliant for protecting your data and contacts.

In summary, 2FA + SSO + IP whitelisting + consumption limits form a robust security foundation. These measures reduce unauthorized access risks by 99% while simplifying user experience.

For more technical information, please visit our security page.