At Chargify, we want to ensure that you have all of the tools necessary to properly secure your account. From secure passwords to 2FA, Chargify gives you many layers of security options to protect your account.
To us, security is more than just protecting your account from unauthorized access. We’re protecting your financial information and, most importantly, your subscribers’ information. As a merchant, your subscribers entrust you with their credit card details. In turn, we stay up to date on a multitude of security practices to secure your data.
For more information on Chargify’s current security compliance certifications, please visit our security center here.
If you’re interested in learning more about PCI compliance and SAQs, please see our documentation here.
From the Merchant Info menu, select “Security”.
After selecting “Security”, you have the option of requiring 5 types of security for your account. Please be aware that these settings are global. This means they will apply to all sites under your Merchant Account.
Require Secure Passwords
If enabled, any user you manage will be required to have a secure password. Note: Any user with an insecure password will be required to set a new, more secure password.
A secure password is any password that is hard for humans or computer programs to detect. These types of passwords are typically case-sensitive. Using a strong password that contains letters in both uppercase and lowercase is highly recommended.
Two Factor Authentication
If enabled, all of your Sites will require users of a Site to enable 2FA for their user account. A user will not have the option to disable 2FA for their individual user account.
If not enabled, each individual user has the option to enable two-factor authentication on his/her account. This is an added security option that requires you to enter a random number from your mobile phone each time you log into Chargify. It helps protect against lost or compromised passwords and is an emerging standard for increasing the security of sensitive applications (especially those in the financial industry).
We have partnered with security provider Authy to add two-factor authentication. You have the option of receiving authentication codes via text message, or installing the Authy smartphone app (the Authy app is also compatible with Google Authenticator!):
2FA: How to get started
After signing in to Chargify, go to ‘My Profile’ (in the upper right corner). Select “Enable two-factor authentication”.
Enter your phone number:
You’ll receive a series of texts to get started and help you install the smartphone app.
2FA: Signing In
Whenever you go to sign in, you’ll be prompted to enter your Authy code in order to access Chargify:
Or, if you enabled ‘SMS fallback for Two-Factor Authentication’, the sign-in prompt will have an additional button:
If you lose your phone, need to reset the app, or have other questions, be sure to check the Authy FAQ.
If a user has no record of installing Authy on their device, then they will receive a code via SMS. We strongly recommend installing the Authy app because it’s more secure.
If you are having trouble signing in, please feel free to contact Chargify Support for help!
Enable SMS fallback for Two-Factor Authentication
If enabled, your users will be able to log in through 2FA using either SMS authentication or a token from the Authy app.
Please make sure that users are in control of their mobile phone numbers before enabling it.
Force Password Change After 60 Days
- If enabled, any user you manage will be required to set a new password every 60 days.
- If not enabled, users will be able to use their given password without an expiration date.
Deny Password Reuse
- If enabled, when changing their password, any user you manage will not be able to use any of their previous 10 passwords.
- If disabled, users will be able to use previous passwords when updating their password.