How to share account access without risk or verification checks
OCTOBER 10, 2016 | ACCOUNT MANAGEMENT
So how do online marketers manage dozens to hundreds of accounts?
You have everything from social accounts to merchant accounts for yourself and your clients. Each account needs to be accessible by different people, such as VAs (virtual assistants) and team members, throughout any given project. You need an efficient way to grant access without setting off verification alarm bells on the account platforms, and of course, you need everything to be done securely.
There are three ways marketers share account access. It is either offline storage, online storage, or session sharing. Below, we will showcase each method of account management and help you understand which one is superior to the rest.
The three ways to manage many accounts
When you give someone a plain-text password and he or she logs into the account on his or her machine, that is offline sharing.
Offline sharing is quick and easy, but it's neither secure nor efficient.
You have to disclose passwords. If that person goes rogue with the account, it’s a hassle and may lead to financial loss. They can be the most trustworthy VA or members of your team, there's still a chance they might mishandle your passwords or have a compromised machine. It makes the account and data vulnerable and accessible to third parties.
Security checks will be a problem. All major platforms do location verification and other security checks upon login. Logging into an account through a separate machine will throw up red flags. It triggers calls for verification, like the “Name Your Friends” on Facebook and the “Verify Through SMS” on PayPal.
These checks are inconvenient. Moreover, the accounts may even be suspended or banned if too many red flags appear.
When you share passwords with someone else’s computer through a tool like LastPass, that is online sharing.
Online sharing is slightly more secure, but still not completely safe, and still prone to problems.
Security checks still detect unusual access. The person accessing accounts does not have to physically type the password, but the account platforms are still aware that it's not the regular user logging in. Inconvenient security checks like “Name Your Friends” on Facebook and “Verify Through SMS” on PayPal will still come up.
Malicious receivers can still discover the password. Ultimately, the password shared online needs to be entered from the receiver’s machine in plain text. As such, the password needs to be stored on the receiver’s machine in a non-encrypted way. Any savvy user will be able to locate the password and save it without your knowledge.
Password may be intercepted. There's a possibility of a man-in-the-middle attack if you or the receiver of the password does not have a secure machine. A third party may gain access to the account without your knowledge.
Online sharing is overall better than offline sharing – but there is only one 100% secure way to share accounts without throwing up red flags on account platforms.
Multilogin allows you to share your session with any other Multilogin user. By sharing your session, you avoid every problem that occurs with online and offline sharing!
No password sharing is necessary. Instead, a cookie file is transferred to the other user. Inside that file is an active session ID. When the other user visits a website, it will request the cookie file, see the active session ID, and log him into the corresponding account automatically. The other user does not need the password to log in. Also, he has no way of changing the password once logged in.
Cookie transfer is completely secure. The cookie file is transferred with asymmetrical encryption, which means it is encrypted with the other user public key and can be decrypted only with his private key. In essence, even if the cookie file is intercepted, the hijacker will not be able to decode it or use it to gain account access.
Security checks don’t happen. Multilogin creates a virtual environment for the other user that emulates a physical machine. As such, account platforms cannot detect that the account is being accessed through Multilogin. The second user can be in a different country or using a different operating system. But because of the Multilogin’s approach, the account platforms always think it is the original machine that accesses the account. Every possible security parameter is being spoofed!
As you can tell, session sharing is the superior approach. If you are a marketing agency or independent marketer sharing account access with team members or VAs, to do it correctly, you must use a tool like Multilogin.
Summer of 2019 will be marked by an introduction of an awesome set of features to Multilogin. We have been working on making the product even more convenient for teams. This is how we came up with our new Collaboration 2.0 inside Multilogin.
One of the facets to this new update will be a control of access and the possibility to set up limitations when sharing an account. Head marketing expert that has the initial access to the account will have full control over the session he or she shares. There's are options to set up the accessibility of VAs or team members.
Taking the lazy route (through offline or online storage) can lead to security checks and possible account suspension. You open a gateway for anyone in the middle. The process is compromised due to the interception of the plain-text file or cookie file. Also, your team members and VAs gain access to (or can gain access to) the passwords themselves, every time.
Multilogin solves all of those potential problems. Account platform security checks are avoided, team members and VAs never see the real password, asymmetrical encryption removes the risk of a man-in-the-middle attack, and configurations of access rights for every profile soon.
Click here to download Multilogin and get started with secure, efficient account sharing today.