EasyPost works hard to ensure accounts are secure, but ultimately, security is a shared responsibility. Here are several measures that will provide added security against unauthorized access.
Secure Your Email
An email address is essential for using EasyPost and is used to send important alerts and communicate with support. Ensure it is secure.
- Visit ';--have i been pwned? to see if an email address has ever been compromised in a third-party data breach. If so, change all passwords connected to that email address (see below).
- If it's possible that an email account might have been compromised, please take steps to immediately recover account control.
  - Google Support: How to secure a hacked or compromised Gmail account
  - Microsoft Support: My Outlook.com account has been hacked
- Conduct periodic security reviews to identify any unusual filters, forwarding addresses, or unauthorized recovery contact information associated with relevant email accounts.
Use a Strong, Unique Password
Passwords are the first line of defense against unauthorized access, and choosing a strong one is among the easiest steps to secure an account.
- Select a password that is long, random, and unique to EasyPost. Never use the same password across multiple accounts or services.
- Use a password manager such as 1Password or Dashlane to generate, store, and manage unique passwords for all online accounts.
- Another option is to use a passphrase (a sentence or group of four or more words). Choose a random set of words rather than a famous quote or phrase, as attackers have sophisticated databases for guessing such passphrases.
- Never disclose a password to anyone. EasyPost employees will never ask for a password.
Secure Your API Key
API Keys should be treated with the same level of security as passwords and kept confidential. They allow full account access, so any exposure in public code or communications should be avoided. A compromised key can be immediately disabled via the API Keys page on the EasyPost Dashboard.
- When employees leave an organization, consider creating new API keys to replace any keys those individuals could previously access.
Learn How to Identify Scams
"Phishing" and "Smishing" scams are typical ways scammers will target accounts to gain access to sensitive information, such as credit card or bank account numbers.
- A scammer may call, email, text, or send a personalized message on social media and pretend to be an EasyPost representative or a trusted contact.
- If any inbound messages look suspicious, do not respond or open any hyperlinks, and check the SSL certificate if possible.
- The best way to protect against these scams is to take the measures above and report suspicious activity.
- If an account is believed to be compromised, change the password immediately.
Keep Secrets Close
Trade secrets should stay private.
- Do not commit secrets to a GitHub Repository.
- Do not share account information in an online forum.
- Do not share secrets with an AI chatbot.
If an employee pushes sensitive information to any public online space, please treat the contents as public information.
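As an added illustration of the advice above on keeping API keys and other secrets out of repositories (this is not EasyPost code), the following Python check flags string literals that look like hard-coded credentials so they can be caught before a commit. The variable-name keywords, the length and entropy thresholds, and the sample values are assumptions constructed for the example and do not reflect EasyPost's key format.

```python
import math
import re

# Assumption: secrets are long, random-looking literals assigned to names such
# as api_key / secret / token. Generic heuristic, not EasyPost's key format.
ASSIGNMENT = re.compile(
    r"""(?ix)
    \b([a-z0-9_]*(?:api_?key|secret|token|password)[a-z0-9_]*)  # variable name
    \s*[:=]\s*                                                  # = or YAML-style :
    ["']([^"']{16,})["']                                        # quoted literal
    """
)

def shannon_entropy(value: str) -> float:
    """Bits per character; random tokens score higher than words or padding."""
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def find_hardcoded_secrets(source: str, min_entropy: float = 3.5):
    """Return (line_number, variable_name) for each suspicious literal."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for name, literal in ASSIGNMENT.findall(line):
            if shannon_entropy(literal) >= min_entropy:
                findings.append((number, name))
    return findings

# Constructed sample file contents (all key values are made up).
SAMPLE = '''\
import os
API_KEY = "k3Jx9PqLm27ZbTfR8vWcYd41"          # hard-coded: flagged
api_key = os.environ["SHIPPING_API_KEY"]       # read from environment: fine
password = "aaaaaaaaaaaaaaaaaaaa"              # low-entropy placeholder: ignored
webhook_secret: "Qz8nV2rKp0Lx7Hs5Ty3Bd6Gm"     # YAML-style: flagged
'''

if __name__ == "__main__":
    for number, name in find_hardcoded_secrets(SAMPLE):
        print(f"line {number}: possible hard-coded secret in {name}")
```

A key that this kind of check finds in committed history should still be treated as exposed and replaced, since removing the line does not remove it from earlier commits.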
Be Smart About Third-Party Integrations
EasyPost and other companies often update their software with security improvements.
- Be sure to conduct research when allowing any third-party applications to access an account.
- Once integrated, keep these third-party integrations and hosting providers up to date and safely store their credentials to take advantage of the most current security practices.
- Immediately deactivate any API keys associated with third-party applications that are no longer in use.
Please contact support with any questions about EasyPost account security best practices.