Sunday, 03 August 2014

New security features

Dear PopAds Member,
We have recently added a number of new security features at PopAds:

New login session manager
We have created a new login session manager system that not only is a lot more secure from the technical point of view, but also offers a number of new options. For example, you are now able to change your session type between "Remember me" and "Browser Session" anytime. It is also possible to log out from all devices with just one click. This update also introduces a number of usability improvements related to session management.

Google Authenticator support
While we added support for YubiKey hardware tokens months ago, we understand that many of our users would prefer a slightly less secure, but more convenient and free option. That is why we have added support for Google Authenticator or any other mobile application that can generate 6-digit one-time passwords using the TOTP standard. To activate the token, please do the following:
1. Install the Google Authenticator (or a similar) application on your mobile phone.
2. Log in at https://www.popads.net and go to the Security page under Account manager.
3. Click on Register Token and set Token Type to Google Authenticator.
4. In the Google Authenticator mobile app, add a new account and use the Scan a barcode option.
5. Scan the QR code shown on the Register Token page.
6. Finally, enter the 6-digit code and click on the Add Token button.
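
As an added example (not PopAds' code), this is what a server does behind steps 3 to 6: create a shared secret, put it in the `otpauth://` URI that the QR code encodes, and check the 6-digit code per RFC 6238. The function names, the account and issuer values, the one-step drift window and the replay check are assumptions of this example.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote, urlencode

STEP = 30    # seconds per time step (Google Authenticator default)
DIGITS = 6   # code length, as in the steps above

def new_secret() -> str:
    """160-bit random shared secret, Base32-encoded for the authenticator app."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret: str, account: str, issuer: str) -> str:
    """otpauth:// URI that the enrollment QR code encodes."""
    label = quote(f"{issuer}:{account}")
    params = urlencode({"secret": secret, "issuer": issuer,
                        "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{label}?{params}"

def totp(secret: str, at: float) -> str:
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(base64.b32decode(secret), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: str, code: str, at: float, last_step: int = -1, window: int = 1):
    """Return the matched time step, or None.

    Accepts +/- `window` steps of clock drift. Any step <= last_step is
    rejected, so a code that was already accepted cannot be replayed.
    """
    now_step = int(at) // STEP
    for step in range(now_step - window, now_step + window + 1):
        if step > last_step and hmac.compare_digest(totp(secret, step * STEP), code):
            return step
    return None

if __name__ == "__main__":
    # Constructed sample values: account name and issuer are placeholders.
    secret = new_secret()
    print(provisioning_uri(secret, "user@example.com", "ExampleSite"))
    now = time.time()
    code = totp(secret, now)                      # what the phone would display
    step = verify(secret, code, now)
    print("accepted at step", step)
    print("replay:", verify(secret, code, now, last_step=step))  # None
```

The server stores the returned step per user and passes it back as `last_step` on the next login, which is what makes each code single-use.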

Security Alert Emails
If you log in from a different country than usual or if you make a withdrawal to a new PayPal/Payza email, our system will automatically send you a Security Alert email with details of the action.

Withdrawal Protection
All withdrawals that are made to new PayPal/Payza emails will be delayed by 24 hours for security reasons. The reason behind it is that if someone accesses your account and requests a withdrawal, you will have enough time to take action before the withdrawal request is processed.

Panic Link
Imagine a situation - you get a Security Alert email and you are sure it is not a false positive.
Usually, you would need to contact us for help, yet this introduces additional delay during which you might not be able to access your account. In the worst case, the attacker could actually open a campaign and start spending your money.
This is why we came up with an idea - each Security Alert contains a Panic Link. Once it is used, our system will carry out the following actions:
1. You will be logged out from all devices (including a potential attacker).
2. All your campaigns will be paused.
3. All your pending withdrawals will be suspended.
4. Your account password will be reset.
The Panic Link does not require you to log in; a simple click on the link and on a confirmation button is enough.

Password restrictions
While we have never liked the idea of restricting passwords (which leads to unmemorable passwords that have to be stored "somewhere"), we have decided to add two new password rules:
- Minimum password length is now 7 characters.
- We have set up a password blacklist with thousands of the most common passwords. Our system won't accept any of these as a new password.

Profile edit restriction
It is no longer possible to change username or email without contacting PopAds Support.


While we do all we can to ensure your account is safe, please follow a few simple rules to make sure our new features work as designed:
1. Always make sure that the email address in your PopAds profile is correct. Otherwise, you might not be able to receive the Security Alert email or reset your account password.
2. Do not use the same password on other websites (consider using a password manager).
3. Use two-factor authorization (Google Authenticator or YubiKey).

Stay safe!

Best regards,
Tomasz Klekot
PopAds.net
