Account Security Best Practices

Choose a password that is at least 12 characters long and unique to your Credia account. Do not reuse passwords from other services.

Signing in with Google or GitHub provides an extra layer of security through their authentication systems, including two-factor authentication if you have it enabled on those accounts.

Periodically check the Users page and remove members who no longer need access. This prevents unauthorized access from former employees or contractors.

Follow the principle of least privilege. Only give Owner access to people who need to manage billing and organization settings. Use Editor for content creators and Viewer for people who only need to read SOPs.

Regularly review the Activity Log to spot any unusual actions, such as unexpected SOP deletions, role changes, or API key creation.

Never share API keys in public channels or commit them to code repositories. Revoke keys immediately if you suspect they have been compromised. Use read-only keys when write access is not needed.