This is a decidedly unsexy (but important) topic about securing your LimeLM and LicenseChest account so that only you and your employees can access it. It can be summed up in 3 basic points:
Always use a secure password (don't use the same password that you've used on other sites)
Treat your API key like a password (don't share it, don't include it in your app)
Two-factor authentication adds an extra layer of security to your user account. In short, it confirms you are who you say you are by combining something you know (your username / password) with something you have (your phone with a cryptographically secure generated code).
Setting up two-factor authentication for your account takes 2 simple steps:
There are hundreds of authenticator apps available for free. You can use any of them. Here are some recommendations:
Authenticator: an open-source authenticator app for iOS. Small, simple and fast.
FreeOTP: an open-source authenticator app for iOS and Android.
Authy: a free authenticator app for iOS, Android, Windows, and macOS.
Google Authenticator: a free authenticator app for iOS and Android.
Microsoft Authenticator: a free authenticator app for iOS, Android, and Windows Phone.
After installing the "authenticator" app on your phone, it's simply a matter of going to your settings and following the steps needed to enable 2FA.
If you get this error from LimeLM (either when signing up or logging in), it means we've detected that the password you're using has been verified as being part of a data leak from third-party companies. In other words, you've used this password on other sites and those sites have since lost your data (i.e. hackers got it).
This error does not mean that your LimeLM account was hacked. It does mean you should change your password immediately to ensure only you have access to your account.
As a good rule of thumb, you should use a different password on every site you sign up for. Use a password manager to keep track of them for you. (There are literally thousands of free password managers out there.) A good, reliable, and secure one for Windows is PasswordSafe.
Your web API key on your settings page lets you use our web API functions in your back-office code. For example, generating product keys after an order.
Your API key is like a password. You should never use the web API key directly in your app. If you embed the API key in your app, it's equivalent to handing your customers your password. Don't do it.
To sum up, here are some places you can use your web API key:
Use it in scripts that run on your server (for example, order processing)
Use it for back-office purposes (running reports, etc.)
Here are some places you should never use your web API key:
Don't use the web API key in the app you distribute to your customers!
Don't use the web API key in JavaScript that is run in the browser!
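One way to enforce the two "never" rules above before a release, as an added example in Python (not LimeLM's own code): scan the files you are about to ship and report any that contain the web API key, whether stored as plain text, as a UTF-16 string inside a Windows binary, or base64-encoded. The key value, file names and function names are constructed for illustration.

```python
import base64
import tempfile
from pathlib import Path


def key_encodings(api_key: str) -> dict[str, bytes]:
    """Byte patterns the key leaves behind in a shipped file."""
    raw = api_key.encode("ascii")
    return {
        "ascii/utf-8": raw,                       # scripts, config files, JavaScript
        "utf-16le": api_key.encode("utf-16-le"),  # string literals in .NET / Windows binaries
        "base64": base64.b64encode(raw),          # naive "obfuscation" of the whole key
    }


def find_embedded_key(root, api_key: str) -> list[tuple[str, str]]:
    """Return sorted (relative path, encoding) pairs for files under root that contain the key."""
    root = Path(root)
    patterns = key_encodings(api_key)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        for name, pattern in patterns.items():
            if pattern in data:
                hits.append((path.relative_to(root).as_posix(), name))
    return sorted(hits)


def demo() -> list[tuple[str, str]]:
    """Build a constructed release folder and scan it."""
    key = "EXAMPLE-NOT-A-REAL-KEY-0000"  # constructed placeholder, not a real key
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed "app" binary with the key stored as a UTF-16 string.
        (root / "app.exe").write_bytes(b"MZ\x90\x00" + key.encode("utf-16-le") + b"\x00\x00")
        (root / "static").mkdir()
        # Constructed browser script with the key pasted in as a literal.
        (root / "static" / "checkout.js").write_text(f'var k = "{key}";', encoding="utf-8")
        (root / "readme.txt").write_text("No secrets here.", encoding="utf-8")
        return find_embedded_key(root, key)


if __name__ == "__main__":
    for rel_path, encoding in demo():
        print(f"API key found in {rel_path} ({encoding})")
```

In a real build step, pass the key in from the server environment instead of writing it into the script, and fail the release when the returned list is not empty.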