What are security best practices for Radar?
February 07, 2019
- Use a strong password (at least 10 characters, at least 1 lowercase letter, at least 1 uppercase letter, at least 1 number, and at least 1 symbol).
- Use a password manager like 1Password or LastPass to generate and store passwords, and use a different password for each website.
- Use multi-factor authentication (MFA). Enable MFA on the Account page.
- Do not share your account with co-workers.
- Use the appropriate role (admin, write, or read) for each co-worker's account.
- When a co-worker is terminated, delete their account.
- Use single sign-on (SSO) if supported by your organization.
- Use Test keys for development and Live keys for production.
- Use Publishable keys (which are restricted in scope) in client-side code. Never use Secret keys (which can read or write any data).
- Encrypt data stored outside of Radar (e.g., data sent to integrations or sent to webhooks and stored in a data warehouse).
- Do not send any PII, like names, email addresses, or publicly available IDs, to the Radar SDK or API. See also privacy best practices.
Did this help answer your question?