Improve the security of your LabsMobile account

At LabsMobile, the security of our clients’ accounts is a top priority. We strive to maintain high quality standards in our platform, ensuring the confidentiality of stored data and promoting a proper use of our services.

In this article, we will provide an overview of the different aspects related to the security and proper use of a LabsMobile account. We strongly recommend all our customers and users to read this article and adopt the suggested measures, as they will contribute to the proper functioning of their accounts and strengthen their security.

Account Access Security

One of the main aspects of account security is user access. It is essential to ensure that no unauthorized person can access the account and everything it contains.

There are several negative consequences of unauthorized access to the account:

Access to recipient group data imported into the account. Not only name and telephone data, but also all additional data that has been imported.
Non-privacy of the message history. That is, an unauthorized access could have access to the message history of the last year of the account.
The account’s credit balance could also be compromised, which could be used to send unauthorized SMS messages or any other service on the platform.
And finally the customer data such as billing data, contact and stored data of the different payment methods. While it is true that the card data is stored encrypted and secure in the payment processing platform (Stripe). But payments could be made with these cards repeatedly for higher SMS consumption.

It is therefore advisable to protect access to the LabsMobile account to prevent all the above points.

For these reasons in LabsMobile it is mandatory to access the account with a two-factor process (password and OTP code). Thus it is necessary to enter when logging into the account:

The user’s email and the access password.
If these credentials are correct, the platform will ask the user for a code that will be sent immediately by email, SMS or generated with a temporary code application such as Google Authenticator.

Recommendations to improve the security of your LabsMobile account:

Set a strong password: It is essential to use a strong password that meets security requirements. We recommend that your password be a minimum of 12 characters and include at least one uppercase letter, one lowercase letter and one number. Avoid using obvious or easily guessed passwords, such as birth dates or common names. Also, be sure not to share it with anyone and keep it in a safe place.
Change your password regularly: To maintain the security of your account in the long term, it is advisable to change your login password at least once every 6 months. This will make any unauthorized access attempt more difficult and ensure that your account remains protected.
Use two-factor authentication (2FA): We recommend enabling two-factor authentication on your LabsMobile account. This provides an additional layer of security by requiring a second verification factor, such as a code sent to your cell phone, in addition to your password. In addition, it is advisable to set up an alternative 2FA code sending method in case of problems with the primary method selected.
Create users and sub-accounts: If several people need to access an account securely, we suggest creating individual users for each of them. This will allow better control of access and ensure traceability of the actions performed by each user. Also, if you need to set up different billing data or separate SMS usage and traffic, you can create additional sub-accounts to efficiently organize and manage your operations.

Account Configuration

It is important that a LabsMobile account is well configured according to the customer’s needs. Below we explain the main preferences and configuration variables that can help a better use and performance avoiding unnecessary shipments and cost.

Display preferences

There are a series of values that must be adapted to be able to see the data displayed in the WebSMS application. These are the main ones that can be found in the User or Account Preferences:

Time zone in which all data is displayed in date/time format.
Language in which the dashboard or WebSMS application is displayed.
Currency in which the amounts are displayed, especially in the recharge process.

Notifications

A LabsMobile account notifies users about the most relevant events such as lack of credits, issuance of invoices, etc. Therefore, it is important to configure the activation and parameters of these notifications for their proper functioning.

These are the main notifications in a LabsMobile account:

Sending of invoices on the same day they are issued.
Sending of 2FA code together with a default method.
Confirmation of purchases or recharges.
Configurable credit limit notification.
Password change process.
Special promotions and discounts.
Notification of errors in shipments, especially those caused by lack of credit or incorrect password.
Quarterly newsletter with the main news and interesting articles.
Email notifications in case of incidents, help or relevant notifications.
Alert for lack of credits when the account has less than 10 credits.
Sending of consumption emails (daily, weekly or monthly) with the main statistics and metrics of the account in that period.

Filters

There are different filters to be configured according to the customer’s needs. These are the filters to be customized:

Anti-duplicate filter: to avoid sending the same messages to the same recipient during the 60 minutes after the first sending.
Time filter: to set a time interval in which messages cannot be sent from the account. These sendings will be paused or blocked and will be sent when the interval of not allowed hours is over.
Country filter: It is important to enter the list of possible destination countries for messages. In this way the platform will block at no cost any sending to other countries and unnecessary overcharges will be avoided.
Maximum number of messages per day
Maximum number of messages per sending or request
Enable Unicode SMS messages: only if you want to send messages with accents, emoticons or symbols. In these cases it is necessary to calculate the extra cost because these messages have a lower capacity.
Enable certified messages: These messages generate a legal document that certifies not only the sending and delivery of the SMS but also its content.

Users or accesses

If different people are required to access an account, the different users or accesses must be correctly configured in the Users section of the administrator or main account.

The administrator user must register new users with access credentials (email and password) and enable roles that will determine the actions and screens available to this user. These are the different roles: sending, results, invoicing, configuration and support.

Sub-accounts

If necessary, it is also possible to create sub-accounts. Here are some cases in which it is necessary to create sub-accounts:

Different sub-accounts, one for each company or different invoicing data. In this way invoices will be issued independently with the purchases of each sub-account.
Create sub-accounts to separate different uses or traffic. This way, for example, statistics can be generated for the sales department or for different transactional SMS messages.
Sub-accounts per user with a maximum balance or credits. In this way the administrator account allocates credits and the sub-accounts can only consume that balance.

Automatic recharges

In many cases the most frequent error in shipments is the lack of balance or credits. This can lead to loss of income, registrations, etc. To avoid these cases and the SMS sending service being interrupted, it is important to configure the automatic recharges of the account.

It is possible to activate this function with a simple form and by entering the following data:

Credit limit when you want a recharge to be activated.
Credits or messages to be topped up
Number of recharges to be made in the last 30 days, to prevent cases of uncontrolled sending or to set a limit on spending
Card to be used to perform the automatic recharge

SMS API integration security

When integrating with LabsMobile’s SMS API, it is essential to follow security guidelines to ensure the protection of your data and maintain the confidentiality of your communications.

Here are some key recommendations:

Always use HTTPS: It is imperative to use the HTTPS protocol in all REST API calls. The use of HTTPS provides an additional layer of security by encrypting the communication between your application and LabsMobile servers, thus avoiding possible interception and manipulation of sensitive data.
Use an API token: From the “API Parameters” section of your LabsMobile account, generate a unique API token and use it for all SMS API requests. This token acts as an authentication key that ensures that only authorized applications can access your SMS services. Keep the API token secure and avoid sharing it with unauthorized third parties.
Set valid IP addresses: To strengthen security, you can set one or more valid IP addresses as the source of SMS API requests. This will limit access to the API only from the specified IP addresses, providing tighter control over who can interact with your SMS services. Be sure to keep the authorized IP addresses up to date and remove any unwanted access.

For more recommendations, click here.

These recommendations are fundamental to ensure the security and correct use of a LabsMobile account. By following these guidelines, such as using strong passwords, changing them regularly, enabling two-factor authentication, and configuring valid IP addresses in the SMS API, you will be strengthening the protection of your account and the data it stores.

If you have any additional questions or concerns, please contact our technical support team. In addition, for more information and details on the topics covered in this article, we recommend the video tutorials.