This page contains several tips that you can use to protect your Stripe account, and by extension, your data and any funds you may have inside.
Add multiple authentication factors in case you lose one
For example, adding both a security key and your phone means you can still sign in if you lose your phone.
If you use two-step authentication, keep your backup codes in a secure place.
They can help you recover access to your account if you lose all the two-step authentication devices on your account.
Never share your Stripe credentials.
If multiple people need access to your account, invite them as team members in settings.
Set up Touch ID/Windows Hello if you can.
On supported devices, you can sign into Stripe using your fingerprint or facial recognition for a faster and more secure experience.
If you manage a team, you can require two-step authentication for everyone on the team on the team settings page.
This ensures that everyone on your team is following the best security practices.
To avoid phishing attempts, use a bookmark to sign into Stripe.
Phishing websites will pretend to be a legitimate website to access your login information. Set a bookmark for the Stripe login page, and only use that bookmark when signing in.
If you’re using a shared computer, make sure to sign out when you’re done.
This helps keep your account secure from other people using your device.
Don’t click on links if an email looks suspicious.
Fraudsters sometimes send emails with phishing links while pretending to be Stripe. To avoid phishing attacks, set a bookmark for this page and only use that link when signing in.
Check the URL to make sure you’re signing into dashboard.stripe.com.
Phishing attacks often use a fake website to access your login information. For example, attackers might use a misspelled version of the URL.
Only install browser extensions from companies you trust.
Malicious browser extensions can compromise your security by reading your passwords.