# What can I do to make my account more secure?

Follow these tips to keep your Stripe account, data, and funds secure. This page is intended for users of the [Stripe Dashboard](https://dashboard.stripe.com).
## Strengthen the security of your account
* **Add multiple two-step authentication methods to your account in case you lose access to one**. Users with two or more authentication methods enabled are much less likely to get locked out of their account.
  * For example, adding both a passkey and an authenticator app means you can still sign in if you lose access to either method.
* **Avoid SMS — use more secure two-step authentication methods instead**. SMS messages are vulnerable to SIM swap and SS7 attacks.
  * More secure methods include passkeys, authenticator apps, security keys, Touch ID, and Windows Hello.
* **Make sure your backup code is stored in a safe place**. Your backup code helps you recover access to your account if you lose access to two-step authentication.
* **Add a backup email to your account**. Your backup email helps you recover access to your account if you lose access to your primary email address.
* **Never share your Stripe credentials**. If multiple people need access to your account, invite them as team members in the Dashboard.
  * If you're a team administrator, require two-step authentication for everyone on the [Team settings page](https://dashboard.stripe.com/settings/team).
* **Store and use your Stripe API keys safely**. See Protecting against compromised API keys for details.
## Protect yourself from common attacks
Bad actors sometimes contact Stripe users to attempt to steal credentials or exploit a compromised API key to gain additional access. Verified Stripe domains explains how to tell whether an email that claims to be from Stripe is actually from Stripe.
Stripe is aware that bad actors who obtain Stripe users' API keys may try to trick users into enabling certain products under the threat of deactivation. **Stripe does not deactivate users for not adopting Stripe products.** If you've received such an email, follow the tips below and see Protecting against compromised API keys.
* **Use a bookmark to sign in to Stripe**. This prevents phishing sites impersonating Stripe from capturing your credentials.
  * Bookmark [dashboard.stripe.com](https://dashboard.stripe.com/login) and only use that bookmark when signing in.
* **Check the URL of any sign-in page**. Fraudsters may use misspelled versions of Stripe URLs that look similar.
  * Always double-check that you are on [dashboard.stripe.com](https://dashboard.stripe.com/login) when signing in.
* **Don’t click on links if an email looks suspicious**. Fraudsters sometimes send emails with phishing links while pretending to be Stripe.
  * Only use your [dashboard.stripe.com](https://dashboard.stripe.com/login) bookmark to sign in.
* **If you’re using a shared computer, make sure to sign out when you’re done**. This helps keep your account secure from other people using your device.
  * Even if the other people using your device are trustworthy, they may inadvertently fall for a phishing attack.
* **Only install browser extensions from companies you trust**. Malicious browser extensions can compromise your security by reading your passwords.