It’s a tough world out there. With so many important services being susceptible to hacking (the most recent target, the Ubuntu Forums), I thought it would be a good idea to educate some SingleHoppers out there with some good pointers on keeping your LEAP account safe and secure.
The most important thing you can do is maintain a unique login for the services you access. Even a seasoned system administrator like myself knows it is somewhat laborious to keep track of secure/strong logins. Still, it is a very good idea to use different logins for your services, LEAP being one of them. There are plenty of tools that can assist you with this. Password safe services such as LastPass, Keepass, Google Sync, and iCloud Keychain can help you with keeping your logins under control, typically with a master password that can be used to encrypt your password safe. This can limit the damage in the untimely event that your LEAP account email is hacked, or even the LEAP account itself.
On the topic of email, it is also important to maintain control over who in your organization has access to LEAP. Our development team has recently implemented the Sub Accounts feature, so multiple people in your organization can access LEAP and open tickets under their own name and email, while allowing the main account holder to keep an eye on everything. This also helps our billing and support staff when they need to contact your organization by knowing who to contact over an invoice issue as opposed to a website monitoring issue. You can find the Sub Accounts feature in your LEAP panel under Account > Sub Account. From there, you can create new email address logins, set a password, set contact information, and set what sections of LEAP they have access to.
A huge challenge in hosting is keeping the access information of your devices secure. When you change the login on your server (as you should often do!), the question is raised on how to properly update our support staff so we can access your devices in a timely fashion if there is an issue. As part of our root password policy, we cannot send out your server access information, as our ticket responses go out in email, which can be intercepted. Thankfully, our developers have implemented a feature in LEAP that allows you to securely update and view your devices’ access information at any time. Simply go to Components > Device Name > General > Root Password. From there, you can retrieve the current login or put in a new one. If the login is lost, simply open a support ticket, and we can reset the login for you. Once the reset is complete, you can check in LEAP again to find the correct information.
We have covered security in LEAP, email, and your devices, but what about phone security? Social engineering and identity theft can be a huge problem if an attacker obtains enough of your personal information. One way to combat this is by using a unique phone passphrase that is only used for SingleHop. You can set this up by opening a support ticket and requesting it. Commonly, most phone passphrases are in Challenge->Answer format, where the party that receives the call says the challenge portion, and the caller must respond with the correct answer. Here is an example:
Challenge: Where did Brian lose his lunch?
Answer: Skeletor is a cool guy
One important thing to note here is that a good passphrase is typically nonsensical and cannot easily be guessed by a third-party. It is also a good idea to change your passphrase regularly, especially if your organization staff changes.
I hope all of this information helps you understand account security, and if you need to consider any changes in your organization to keep your information secure. The more secure and up to date your information is, the less work you have to do when there is a breach or hack.