Platform Security Features
All logins to LeadByte are redirected to our HTTPS page. This prepends HTTPS to the URL regardless of whether this was present in your address bar when loading the site.
We provide all clients with the option of granting access to individual IP addresses. This ensures that only connections from addresses you have white-listed are allowed to log into your account. These IP addresses can be defined for users within “admin > users”, however if you’d like this implementing at an account level please reach out to your account manager.
If you travel frequently you may be better off using our “Access restrictions by Country” feature. This function allows you to grant access for entire countries rather than individual IP addresses. This is available at both a user level and account level.
We have a strong password criteria when setting a new password.
Your new password must be a minimum of 8 characters and contain at least:
1 upper case
1 lower case
1 number and
1 symbol
On top of this, all passwords are stored in a hashed format. This means that even LeadByte staff can’t view your password.
If someone tries to access your account with an incorrect password 4 times, your account will be locked for security which prevents your account from being brute forced. You can re-activate your account by resetting your password with the “Forgot password?” button on the login screen or by contacting your administrator.
Administrators have the option to "re-authenticate" their users under "admin > users". This will unlock their account for them immediately without the need to reset their password.
2FA
We offer 2 factor authentication as an option on all user accounts. This can be used with either Email, SMS or Google Authenticator. An Admin can select the 2FA option by heading to Admin>Users
A 2FA 6 digit code will be sent to the Users email when logging in. This will need to be entered when prompted.
SMS
A 2FA 6 digit code will be sent to the Users mobile phone number when logging in. Please see our supported countries for this option by selecting the relevant country on the dropdown under Phone (as shown above).
Google Authenticator - (not available for Supplier & Buyer accounts)
You will need the Google Authenticator app installed on your smart phone to use this 2FA option. Once selected, As stated when selecting this option, Users will need to scan the QR code from their "My Account" page when they next log in (48 hour expiry). Note that this is the most secure authentication method - user OTP code will be required on each login.
From here, select and ensure you select on your Google Authenticator App.
This will then prompt a 6 digit 2FA code when you log into your account.
When logging in to LeadByte on an unrecognised device for the first time we will automatically send a verification email to the email address associated with the user. Please note that Google 2FA will require a code each time you log in.
Other than users listed on the account, the only people able to access your account are authorised LeadByte personnel and Amazon appointed engineers.
LeadByte personnel that have access to client accounts (such as tech support and our engineers) undergo criminal history checks. Access to accounts is key to upholding our SLA.
If you'd like to learn more about how your data is stored within LeadByte click here.
Comments