In order to securely use Cordial, we recommend following the best practices described below.
Regularly audit users
A routine audit of users in your Cordial account will help you stay aware of user access and permission.
1. Navigate to Settings > Users to view a list of everyone who has access to your Cordial account, and what role they're assigned.
2. Hover over the dropdown next to each user to Edit the user, Revoke access, or Suspend access.
Always remember to revoke access for former employees and contractors.
In order to protect your proprietary information, Cordial strongly recommends using multi-factor authentication to grant access to your account.
Strong passwords and the use of password management applications help ensure that your passwords are secure. Additionally, consider using passphrases instead of passwords. Passphrases are easier to remember if that's needed (i.e. if you're not using a password manager). Passphrases of three or more words and a number are generally more resistant to attacks. Some examples are Spring-Day-Iron5 or very-H@rd-2-Guess.
API key rotation
Cordial recommends that you regularly rotate API keys—and structure your tech stack in a way that allows for regular rotation. The general process for rotating an API key is to create a new key, start using the new key, confirm that the old key isn't in use, and then remove the old key.
User Activity logs
You can use User Activity logs in Cordial to help monitor suspicious and irregular activity when troubleshooting a potential incident.