Telegram and security6 min readAudience: Owners and admins
Account security, MFA, and sessions
How owners should think about login security, organization access, and auditability.
Updated: May 7, 2026
Use MFA for owner/admin accounts
Accounts that can manage billing, members, API keys, or organization settings should use MFA. It reduces the blast radius of leaked passwords.
Review active sessions
If a device is lost or a teammate leaves, revoke sessions and rotate any affected API keys. Session cleanup is part of operational security.
Keep roles tight
Give users the permissions they need for their job. A viewer or buyer should not have owner-level access by default.
Contact support
How owners should think about login security, organization access, and auditability.