Because sensitive customer data can sometimes be viewed in your payever account, it is our concern and duty to protect your account and the data it contains to the best of our ability.
We therefore follow common best practices and the recommendations of authorities specializing in this topic (e.g. OWASP).
Below you will find a brief overview of the measures we apply for your security and that of your customers:
Pwned check during password assignment
When you set a password for the first time or in the course of a password reset, we automatically check the password you have chosen in the background against so-called "pwned" databases (these are lists of passwords that have been stolen from other websites in the course of hacker attacks in the past). If your password is found on one of these pwned lists, we will reject the password for your own security (even if it otherwise meets all password criteria, such as upper case, lower case, number, special characters). Instead, we will ask you to provide a new password.
Security measures in case of wrong password entry
In order to protect your account from brute-force attacks (attempts by hackers to eventually guess your password through countless tries), our platform does not allow a large number of failed attempts within a short period of time.
Therefore, after a few failed attempts, you will be shown a captcha in addition to the password entry, which you must solve correctly. If you enter the password correctly and solve the captcha correctly, you will be logged in without further action. However, if you make further failed attempts to enter the password correctly or repeatedly solve the captcha incorrectly, your account may be blocked.
If you have been locked out, you can unlock yourself at any time by resetting your password. To do this, click on "Forgot password" to receive an email with a reset link (sent to the email address you used to register with us). Please click this link promptly and set a new password quickly, as the link is only valid for a short time for security reasons. If your link has already expired, click "Forgot password" again to receive a new link.
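The escalation described above (plain retries, then a captcha, then a block that only a password reset clears) can be modelled as a small state machine. This is an added illustration, not payever's code: the class `LoginGuard` is hypothetical, and the thresholds and window length are assumptions, since the page only says "a few" attempts within "a short period".

```python
import time
from dataclasses import dataclass, field

# Assumed thresholds: the page only says "a few" attempts and "a short period".
CAPTCHA_AFTER = 3      # failures in the window before a captcha is required
LOCK_AFTER = 6         # failures in the window before the account is blocked
WINDOW_SECONDS = 600   # length of the sliding window


@dataclass
class LoginGuard:
    """Tracks failed attempts for one account (hypothetical helper)."""
    failures: list = field(default_factory=list)  # timestamps of failed attempts
    locked: bool = False

    def _recent(self, now):
        # Drop failures that have aged out of the sliding window.
        self.failures = [t for t in self.failures if now - t < WINDOW_SECONDS]
        return len(self.failures)

    def captcha_required(self, now=None):
        now = time.time() if now is None else now
        return self._recent(now) >= CAPTCHA_AFTER

    def attempt(self, password_ok, captcha_ok=False, now=None):
        """Return 'ok', 'retry', 'captcha' or 'locked' for one login attempt."""
        now = time.time() if now is None else now
        if self.locked:
            return "locked"          # only a password reset clears this
        need_captcha = self.captcha_required(now)
        if password_ok and (captcha_ok or not need_captcha):
            self.failures.clear()
            return "ok"
        # A wrong password or a wrong captcha both count as a failed attempt.
        self.failures.append(now)
        if self._recent(now) >= LOCK_AFTER:
            self.locked = True
            return "locked"
        return "captcha" if self._recent(now) >= CAPTCHA_AFTER else "retry"

    def reset_password(self):
        """Completing the e-mailed reset link unlocks the account."""
        self.failures.clear()
        self.locked = False
```

Counting a failed captcha the same as a failed password means a correct password alone cannot bypass the captcha step once it is active.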
Two factor authentication (2FA)
In order to prevent unauthorized access to your account as far as possible, we ask you to additionally enter a one-time code when you log in to your account from a setup that is not yet known to us (an unfamiliar IP address or an unfamiliar device). You will receive this code by email (sent to the email address with which you registered with us). Please enter it within five minutes to complete your login. After five minutes the code will expire, but you can request a new code by clicking "Resend".
In the interest of fraud prevention and data minimization, we strongly recommend that you use our user management feature to set up a separate account for each person in (or outside) your organization who should have access to your payever account. Each user can log in with their own email address and password.
Please only give users the rights they really need (you have the option here to select individual apps and, in turn, to select within the apps which actions the user is allowed to perform there). Remember to check your user overview at regular intervals for people who have left (are no longer working for you) and delete the corresponding users from your account if necessary.
Accounts are not intended to be shared by several colleagues working in parallel - our platform allows only one login per account at a time (i.e. if colleague A is logged in on his computer and colleague B then logs in on another device with the same email and password as colleague A, colleague A is automatically logged out, and if he then logs in again, colleague B is automatically logged out, etc.).