Security

Account Security and Two-Factor Authentication

Protect your vendor account and customer data with strong passwords, 2FA, session management, and access controls.

4 min read
Published February 12, 2026
Updated March 1, 2026
15 views
security
2fa
authentication
passwords
sessions
audit-log

Account Security and Two-Factor Authentication

Your IPTVbp vendor account controls your entire business -- customer data, revenue, panel credentials, and payment gateway keys. Securing it properly is critical.

Strong Passwords

Every account on IPTVbp (vendor, staff, customer) should use a strong password:

  • Minimum 12 characters (IPTVbp enforces this).
  • Mix of uppercase, lowercase, numbers, and symbols.
  • Never reuse passwords from other services.
  • Use a password manager (1Password, Bitwarden, KeePass) to generate and store unique passwords.

Two-Factor Authentication (2FA)

2FA adds a second layer of security beyond your password. Even if someone steals your password, they cannot log in without the second factor.

Setting Up 2FA

  1. Go to Settings > Security > Two-Factor Authentication.
  2. Click Enable 2FA.
  3. Scan the QR code with your authenticator app:
    • Recommended: Google Authenticator, Authy, or Microsoft Authenticator.
    • Authy is preferred because it supports cloud backup of your tokens.
  4. Enter the 6-digit code from the app to verify.
  5. Save your recovery codes -- these are one-time-use codes in case you lose your phone. Store them in your password manager or print them and keep them in a safe.

2FA for Staff Members

You can require 2FA for all staff members:

  1. Go to Settings > Security > Policies.
  2. Enable Require 2FA for all team members.
  3. Staff members who have not set up 2FA will be prompted on their next login.

This is strongly recommended, especially for staff with admin-level access.

Session Management

IPTVbp tracks all active sessions for your account.

Viewing Active Sessions

Go to Settings > Security > Active Sessions to see:

  • Device type (desktop, mobile, tablet).
  • Browser and operating system.
  • IP address and approximate location.
  • Last activity timestamp.

Revoking Sessions

If you see a session you do not recognise:

  1. Click Revoke next to the suspicious session.
  2. Change your password immediately.
  3. Check your 2FA settings have not been modified.
  4. Review recent activity in the audit log.

Audit Log

The audit log records every significant action taken in your account:

  • Login attempts (successful and failed).
  • Password changes.
  • Payment gateway key changes.
  • Product creation/modification.
  • Customer data exports.
  • Staff permission changes.

Access it at Settings > Security > Audit Log. You can filter by date range, action type, and user.

IP Allowlist (Optional)

For maximum security, restrict dashboard access to specific IP addresses:

  1. Go to Settings > Security > IP Allowlist.
  2. Add your office IP, home IP, or VPN IP.
  3. Enable the allowlist.

When enabled, login attempts from unlisted IPs are blocked even with correct credentials. Use this if you always access IPTVbp from known locations.

Warning: If your IP changes and you are locked out, contact support with your account verification details to regain access.

Customer Account Security

IPTVbp also protects your customers:

  • Rate-limited login: After 5 failed attempts, the account is temporarily locked for 15 minutes.
  • Password reset: Customers can reset via email with a time-limited token.
  • Email verification: New accounts must verify their email before accessing the customer portal.
  • Session expiry: Customer sessions expire after 7 days of inactivity.

Security Checklist

Run through this checklist to ensure your account is properly secured:

  • Password is at least 12 characters and unique to IPTVbp.
  • 2FA is enabled on your account.
  • Recovery codes are saved in a secure location.
  • All staff members have 2FA enabled.
  • Unused staff accounts are deactivated.
  • Payment gateway API keys are stored only in IPTVbp (not in emails or documents).
  • Audit log is reviewed monthly for suspicious activity.
  • Browser and operating system are kept up to date.

What to Do If You Suspect a Breach

  1. Change your password immediately.
  2. Revoke all active sessions except your current one.
  3. Regenerate API keys for all payment gateways and panels.
  4. Review the audit log for unauthorised actions.
  5. Contact IPTVbp support to report the incident.
  6. Notify affected customers if their data may have been accessed.

Related Articles

Security

Account Security & 2FA

Protect your account with two-factor authentication.

19 views
Troubleshooting

Common Panel Connection Issues

Diagnose and fix the most frequent panel connection problems including timeouts, authentication failures, and SSL errors.

16 views
Security

API Security Best Practices

Protect your API keys, webhook endpoints, and integrations with proper authentication, encryption, and monitoring.

17 views
Back to DocumentationNeed Help? Contact Support