Security awareness tips for your Paystack business
Your Paystack Dashboard allows you to add different users with varying access levels to your business. It’s important to assign the correct roles to users, so they have access only to the features they need. For instance, the Business Owner role is given to the person who created the business; there are no restrictions on what they can do. Because the Business Owner has full admin privileges on the Paystack Dashboard, it’s important not to transfer that access to someone who isn’t a business owner.
In addition, all other members of your team should be assigned roles on the Dashboard based on their functions. This ensures that they have access to only the specific features their role requires.
When a team member changes their job function or leaves the business, remember to review or revoke their access to the Dashboard, respectively. For more detailed information on adding members and setting their roles on your Paystack Dashboard, please refer to these guides on how to add a teammate to your Dashboard and the available roles for each team.
Grant access to third-party teams with an invite from your Dashboard
If you need to share access to your Paystack Dashboard with an external team member, e.g. for integration support, only give them access by sending them an invitation from your Dashboard to become a user. This is much safer than sharing your login credentials with them. Once the task for which you gave them access is complete, remember to disable their access.
You can invite someone from your Dashboard by clicking on “Settings” in the left-side menu and then clicking on “Team” in the options at the top of the page.
[Important] If you’ve already shared your login credentials with a third-party team, change your password immediately and re-invite them to your Paystack account from your Dashboard if you still require their support.
Protect your Paystack account with a passphrase or complex password
To reduce the risk of a malicious user guessing your credentials and gaining access to your account, use a passphrase or a complex password as your Paystack log-in credentials.
A passphrase is a sequence of words used for authentication. It’s longer and more secure than a traditional password and easily exceeds the minimum password length. Passphrases are easier to remember than a set of random symbols and letters. Here’s a guide on how to create a passphrase →
If you’d prefer to use a password to log in to your Paystack account, we advise that you use a complex password. A combination of uppercase, lowercase, numbers, and special characters with a minimum length of eight characters is recommended. An example of a complex password is A5k$ctv6 (please don’t use this).
The more complex your password is, the lower the risk of your account falling victim to unwanted compromises.
Enable Two-Factor Authentication (2FA) on your Paystack account
In addition to using a passphrase or complex password for your Paystack business, you should further protect your account by enabling 2FA on your Dashboard and email.
With 2FA enabled, access to your account requires extra authentication that can only be obtained via a third-party application or SMS. This means that if for any reason your password is compromised, there’s an extra layer of protection for your business. You can read our straight-to-the-point explainer on 2FA and learn how to enable 2FA for your Paystack Dashboard here →
Keep your devices updated with the latest security patches
A security patch is an update pushed by software companies to mitigate vulnerabilities in their software. To keep your Paystack account even safer from cyber threats, ensure that the operating system and applications on the devices you use to access the Dashboard are up to date with the latest security patches. This will help protect your business against malicious attacks.
Change your password if you suspect that your Paystack business account has been compromised
If you suspect that your Paystack business has been compromised, kindly:
- Change your password immediately and
- Send us an email at firstname.lastname@example.org