Skip to main content
Secure your Boosterberg account with two-factor authentication, session management, and security monitoring.

Two-factor authentication (2FA)

Add an extra layer of security by requiring a verification code in addition to your password.

Enabling 2FA

1

Go to security settings

Navigate to Settings > Security.
2

Click Enable 2FA

Under Two-Factor Authentication, click Enable.
3

Choose authentication method

Select your preferred method:
  • Authenticator app (recommended): Google Authenticator, Authy, 1Password, etc.
  • SMS: Receive codes via text message
4

Set up authenticator app

If using an authenticator app:
  1. Scan the QR code with your app
  2. Enter the 6-digit code shown in your app
  3. Click Verify
Save the backup codes shown after setup. You’ll need them if you lose access to your authenticator.
5

Save backup codes

Download and securely store your backup codes. Each code can be used once if you lose access to your authenticator.
Two-factor authentication is now enabled! You’ll need to enter a code from your authenticator app each time you log in.

Using 2FA

When logging in with 2FA enabled:
  1. Enter your email and password
  2. Open your authenticator app
  3. Enter the 6-digit code
  4. Click Verify
You can check “Trust this device” to skip 2FA for 30 days on that device.

Backup codes

If you lose access to your authenticator:
  1. Click Use backup code on the login screen
  2. Enter one of your saved backup codes
  3. Immediately set up a new authenticator
Each backup code can only be used once. Generate new codes after using them.

Disabling 2FA

To turn off two-factor authentication:
  1. Go to Settings > Security
  2. Click Disable 2FA
  3. Enter your password and current 2FA code
  4. Confirm disabling
Disabling 2FA makes your account less secure. Only do this if absolutely necessary.

Password security

Password requirements

Boosterberg requires passwords to:
  • Be at least 12 characters long
  • Include uppercase and lowercase letters
  • Include at least one number
  • Include at least one special character
Use a password manager to generate and store strong, unique passwords.

Changing your password

1

Go to security settings

Navigate to Settings > Security.
2

Click Change Password

Under Password, click Change Password.
3

Enter passwords

  • Current password
  • New password
  • Confirm new password
4

Save changes

Click Update Password. You’ll be logged out and need to log in with the new password.

Password reset

If you forgot your password:
  1. Click Forgot Password on the login screen
  2. Enter your email address
  3. Check your email for a reset link
  4. Click the link and create a new password
Password reset links expire after 1 hour for security.

Session management

Active sessions

View all devices where you’re currently logged in:
  • Device type and browser
  • IP address and location
  • Last active time
  • Current session indicator

Managing sessions

End sessions on other devices:
  1. Go to Settings > Security > Active Sessions
  2. Review the list of active sessions
  3. Click Log Out next to sessions you want to end
  4. Or click Log Out All Other Sessions to end all except current
Regularly review active sessions and log out unused devices.

Session timeout

For security, Boosterberg automatically logs you out after:
  • 30 days of inactivity
  • 7 days on public/shared computers (if selected during login)

Login security

Login notifications

Receive alerts when someone logs into your account:
  1. Go to Settings > Security > Login Alerts
  2. Enable Email notifications for new logins
  3. Choose notification preferences:
    • All logins
    • Unrecognized devices only
    • Failed login attempts

Failed login attempts

After 5 failed login attempts:
  • Account is temporarily locked for 15 minutes
  • You receive an email notification
  • IP address is flagged for monitoring
If you see failed login attempts you didn’t make, change your password immediately and enable 2FA.

Trusted devices

Mark devices as trusted to skip 2FA:
  • Checkbox during login: “Trust this device for 30 days”
  • Manage trusted devices in Settings > Security
  • Remove trust from any device anytime

Security monitoring

Activity log

View all account activity:
  • Login attempts (successful and failed)
  • Password changes
  • 2FA changes
  • Campaign creations and modifications
  • Team member changes
  • API key usage
Access at Settings > Security > Activity Log.

Security alerts

Boosterberg monitors for suspicious activity:
  • Logins from new locations
  • Multiple failed login attempts
  • Unusual API usage
  • Large budget changes
  • Bulk campaign deletions
You’ll receive email alerts for suspicious activity.

API security

API key management

Secure your API keys:
  • Generate separate keys for different integrations
  • Set appropriate permissions for each key
  • Rotate keys regularly (every 90 days recommended)
  • Revoke unused keys immediately

API key permissions

Limit what each API key can do:
  • Read-only: View data only
  • Campaign management: Create and edit campaigns
  • Full access: All operations
Use read-only keys whenever possible to minimize risk.

Revoking API keys

If a key is compromised:
  1. Go to Settings > API
  2. Find the compromised key
  3. Click Revoke immediately
  4. Generate a new key if needed

Best practices

Two-factor authentication is the single most effective security measure. Enable it as soon as you create your account.
Password managers generate strong, unique passwords and store them securely. Popular options: 1Password, Bitwarden, LastPass.
  • Check active sessions
  • Review activity log
  • Verify team member access
  • Rotate API keys
  • Don’t share your password with anyone
  • Don’t share 2FA codes
  • Don’t share API keys publicly
  • Use team member invitations instead
  • Update your browser regularly
  • Keep your operating system current
  • Update your authenticator app

Security checklist

Use this checklist to ensure your account is secure:
  • Two-factor authentication enabled
  • Strong, unique password set
  • Password manager in use
  • Login notifications enabled
  • Active sessions reviewed
  • Trusted devices list current
  • API keys have minimal permissions
  • Team member access is appropriate
  • Activity log reviewed monthly
  • Backup codes saved securely

Reporting security issues

If you discover a security vulnerability:
  1. Do not disclose it publicly
  2. Email security@boosterberg.com with details
  3. Include steps to reproduce if possible
  4. We’ll respond within 24 hours
Boosterberg has a responsible disclosure policy. We appreciate security researchers who report vulnerabilities responsibly.

Next steps

Manage your team

Add members and control access

Control permissions

Manage Facebook permissions