Security
Security Best Practices
Follow these recommendations to keep your Karsilo account and Stripe data secure.
Use a strong, unique password
Your Karsilo password should be at least 12 characters and unique to this account. Use a password manager to generate and store complex passwords. Avoid reusing passwords from other services, as credential stuffing attacks use leaked passwords from other breaches.
Enable two-factor authentication
2FA is the single most impactful security measure you can take. Even if your password is compromised, an attacker cannot log in without your authenticator code. Enable 2FA from Settings → Security and store backup codes in a safe place.
Review connected accounts regularly
Periodically review your connected Stripe accounts and team member access. Remove connections you no longer need and revoke access for team members who have left. Fewer active connections mean a smaller surface area for potential issues.
Monitor your activity log
Check Settings → Activity Log regularly for unexpected actions. Look for login attempts from unfamiliar locations, account connection changes, or setting modifications you didn't make. If you see anything suspicious, change your password and revoke all sessions immediately.