Security Tips

In order to help you protect your LivePerson account, we recommend that you follow these security best practices and configure your account accordingly.

Protect your passwords

Even the most sophisticated security systems and controls are useless if an attacker gains access to a valid user name and password. Use strong passwords that are not obvious. Make them hard to guess but easy to remember. We recommend that accounts are configured to enforce a password that will comply with the following requirements:

• Minimum length of at least 8 characters
• Maximum password age of 60 days
• A structure that uses both alphanumeric, numbers and special characters (e.g. B45lue@)
• Does not contain your name, birthday, company name or a single word

Beware of spoofed emails

Hackers try to reveal sensitive information such as usernames, passwords and credit card numbers by sending deceptive emails with the look and feel of a formal email from LivePerson or other well-known firms (e.g. banks). These emails instruct users to change their password or update their account configuration, or else their account will be blocked. The deceptive emails often include a link to a malicious website that can harm your computer.

How to spot a spoofed email?

• LivePerson will never ask you to provide your account password
• LivePerson will never send an email with forms or links that ask you to provide your personal details
• Before clicking a link in an email, verify that the domain is genuine and not spoofed (see picture). In addition, LivePerson’s login page is protected with SSL
• Check the sender email address – hackers usually alter the sender address by adding words (e.g. from: support@liveperson-support.com instead of support@liveperson.com)
• If you have any doubts regarding an email, please contact our 24/7 Support team

Learn more about Phishing
Report a LivePerson Phishing incident

Restrict access to the Agent and Admin Console

LivePerson allows you to restrict the access to the Agent Console and Admin Console based on IP. We recommend that you use this function (if you have a static IP or range of IPs).

Look for SSL and verify the identity

Data communicated to LivePerson servers is encrypted with 128bit SSL V3 /TLS 1.0 using a trusted public certificate authority. To validate the authenticity of the chat window, and ensure that the chat is encrypted, look for the SSL certificate.

Validate administrator's contact email

Verify that the administrator contact email in the admin console is updated and reflects the actual owner of the account.

• Contact the Security Team
• Security White Paper
• External Safety and Security resources

• Online Sales Solutions
• Customer Service Solutions
• Industry Solutions