Support forum
wyDay blog
wyDay Home

Account security

This is a decidedly unsexy (but important) topic about securing your LimeLM and LicenseChest account so that only you and your employees can access it. It can be summed up in 3 basic points:

  1. Enable two-factor authentication

  2. Always use a secure password (don't use the same password that you've used on other sites)

  3. Treat your API key like a password (don't share it, don't include it in your app)

Enable two-factor authentication (2fa)

Two-factor authentication adds an extra layer of security to your user account. In short, it confirms you are who you say you are by combining something you know (your username / password) with something you have (your phone with a cryptographically secure generated code).

Setting up two-factor authentication for your account is 2 simple steps:

  1. Get an "authenticator" app for your phone

  2. Enable 2fa in your settings

Get an "authenticator" app for your phone

There are hundreds of authenticator apps available for free. You can use any of them. Here are some recommendations:

Enable 2fa in your settings

After installing the "authenticator" app on your phone, it's simply a matter of going to your settings and following the steps needed to enable 2fa.

What if you get a "your password is vulnerable" error when logging in?

If you get this error from LimeLM (either when signing up or logging in) then it means that we've detected that the password you're using has been verified as being part of a data-leak from 3rd party companies. In other words, you've used this password on other sites and those sites have since lost your data (i.e. hackers got it).

This error does not mean that your LimeLM account was hacked, however it means you should change your password immediately to ensure only you have access to your account.

A good rule of thumb you should use a different password on every site you sign up for. Use a password manager to keep track of them for you. (There are literally thousands of free password managers out there). A good, reliable, and secure one for Windows is PasswordSafe.

Your API key is like an all-access password to your account

Your web API key on your settings page lets you use our web API functions in your back-office code. For example, generating product keys after an order.

Your API key is like a password. You should never use the web API key from directly in your app. If you embed the API key in your app it's equivalent to handing your customers your password. Don't do it.

To sum up, here are some places you can use your web API key:

Here are some places you should never use your web API key: