Security Best Practices
Social media platforms provide extensive value for businesses and end users alike. Studies estimate that the average person spends 145 minutes per day on social media. With this increased adoption of social media comes an increase in phishing attempts, malware distribution and scams.
At Sprout Social, we recognize the important role that social serves for you, and we take securing your account seriously. We offer many security and privacy features for you to secure your account.
This article contains the following sections:
- Strong password standards
- Two-step verification
- Single Sign-On
- IP allowlist
- Domain restrictions
- User permissions
Strong password standards
Strong passwords are the first line of defense against security breaches. Every organization should have a policy outlining what constitutes a strong password. The National Institute of Standards and Technology (NIST), for example, requires federal agencies to use passwords that are at least 8 characters long, but goes on to show that password length is the most important factor. Sprout also requires a minimum password length of 8 characters, but we suggest going a step further and recommend a passphrase that is 12-18 characters long.
Two-step verification
Two-step verification, also referred to as two-factor or multi-factor verification, is an authentication method that requires a user to provide more than just a password to log in. For Sprout, enabling two-step verification requires a user to enter an additional verification code, generated by a third-party application like Google Authenticator, upon login. Users can enable two-step verification individually, or the Account Owner can configure a setting to require all users on the account to use two-step verification. For a higher level of security, we recommend configuring two-step verification for all users.
You can find the instructions for enabling two-step here.
Single Sign-On (SSO)
Sprout offers SAML 2.0 Single Sign-On (SSO) support across web and mobile. The main benefit of implementing SSO is account security. If a user's permissions, access or employment status changes, their administrators can easily disable all accounts associated with that user with minimal effort. SSO also creates a seamless user login experience, eliminating the need for employees to remember several passwords.
If you have additional questions or want to get set up with SSO, contact your Customer Success Manager or Sprout’s Support team for assistance. You can also read more about SSO in Sprout here.
IP allowlist
Sprout offers an IP allowlist (i.e. whitelist) feature to Enterprise customers. This feature restricts an instance of the Sprout application so that your users can log in only from known IP addresses. If users always log in from the same location with the same IP address, like a company-wide virtual private network (VPN), this feature provides another level of protection from malicious actors who may attempt to access your instance of Sprout.
If you have additional questions or want to get configured with an IP allowlist, contact your Customer Success Manager or Sprout’s Support team for assistance.
Domain restrictions
For Enterprise customers, Sprout offers a back-end feature that can limit the domains to which you can send a user invite. If you are an Enterprise customer interested in this functionality, contact your Customer Success Manager for more information.
User permissions
Depending on your plan, Sprout offers either Standard Plan Permissions or Advanced Permissions for you to manage and control your users’ access to the platform. By setting user permissions, you can determine which of your users have manager-level permissions and which product features each of your users can access, an important element in ensuring the security of your Sprout account.