Understanding how to manage your account users for your customer billing portal is a crucial aspect of account security. In your billing portal, you have access to manage the primary account holder information, add users to get billing and support notifications, and even add extra layers of security.
The first and most important part of managing the security of your billing portal is to always make sure the Primary Account Holders information is listed under the Account Details and Your Profile tab. This helps to prevent "hijacking" or being locked out of your own account if there are multiple users or developers that have access to your account.
The Account Details and Your Profile tabs should generally reflect the account holder's first and last name, as well as the primary email address of the account. The Account Details tab also controls the billing address that will be reflected on all invoices.
If you're needing to add another user contact to receive billing and support notifications, this would be found under the Contacts tab. While creating the user, you have access to grant permissions to receive notifications for general announcements, password reminders, invoices, support, or product emails for domains.
If you forget or lose your password, there are multiple ways to reset the billing portal password.
- In The Portal: While logged into the billing portal, if you click the admin dropdown (pictured above) and then select "Change Password", you can easily change the password to whatever you would like. This method requires that you know the current password to complete the reset process.
- Forgot Password: While on the login page at billing.create.com, you also have the option to click "Forgot?". This will send an automated email to the primary email address on file where you can reset the password.
- Call Support: You can always reach out to our support team and we would be more than happy to assist with resetting the password.
Your billing portal also has extra security measures available at your disposal to help make sure your content and hosting stays secure. Going back to the admin dropdown, select the Security Settings tab to view the available options.
Linked Accounts- On this page you have the option to link either your Facebook or Google account to simplify your sign-in experience. Connecting any social media account is solely used to verify your account, and we do not use this information to post or access any private information.
Two-Factor Authentication- Two-Factor Authentication adds an extra layer of protection to logins. Once enabled & configured, each time you sign in you will be asked to enter both your username & password as well as a second factor such as a security code. This will also require the use of a third-party authenticator. If you are using the default method to authenticate. Time Based Tokens, there are multiple third-party authenticators you can use. To search for available options , go to whatever available app store/marketplace your device has available and search Authenticators. This will bring up multiple options for you. A couple popular choices for authenticators are Google Authenticator or Duo.
To use the second method available using Yubico, this requires owning a Yubico key USB device. Once the key is inserted, just follow the prompts to complete the connection.
Note: We always recommend customers use two-factor authentication for security reasons.