Account Security Best Practices

Protecting your professional information is crucial. Tabbio uses modern passwordless authentication for enhanced security. Follow these practices to keep your account safe.

Tabbio's Passwordless Security

How It Works

Tabbio eliminates traditional passwords for better security:

• Magic Links: Secure, time-limited login links sent to your email
• Google Authentication: Industry-standard OAuth 2.0 integration
• No Passwords: Nothing to steal, crack, or forget

Why Passwordless is More Secure

• No Password Theft: Hackers can't steal what doesn't exist
• Time-Limited Access: Magic links expire after 15 minutes
• One-Time Use: Each magic link can only be used once
• Email Verification: Requires access to your registered email
• Reduced Attack Surface: Eliminates password-based vulnerabilities

Essential Security Measures

Email Account Security

Since your email is your key to Tabbio, secure it properly:

• Strong Email Password: Use a unique, complex password for your email
• Email 2FA: Enable two-factor authentication on your email account
• Recovery Options: Set up multiple recovery methods for your email
• Regular Updates: Keep your email password updated
• Monitor Access: Watch for suspicious email account activity

Magic Link Best Practices

• Use Links Immediately: Don't delay using magic links
• Check Email Source: Verify emails come from noreply@tabbio.com
• Secure Email Access: Only use magic links from your own devices
• Don't Share Links: Magic links are personal and shouldn't be shared
• Report Suspicious Emails: Contact support if you receive unexpected magic links

Google Authentication Security

• Google Account Security: Keep your Google account secure with 2FA
• Regular Reviews: Check Google account permissions regularly
• App Permissions: Review apps connected to your Google account
• Session Management: Monitor active Google sessions
• Recovery Setup: Ensure Google account recovery is properly configured

Account Monitoring

Login Notifications

Tabbio automatically sends email alerts for:

• New device magic link requests
• Successful logins from new locations
• Profile updates and changes
• Security setting modifications

Session Management

Regularly check for:

• Active Sessions: Review devices currently logged in
• Login History: Monitor recent access patterns
• Location Tracking: Verify login locations are legitimate
• Unusual Activity: Watch for suspicious access attempts

Account Activity Monitoring

Watch for unauthorized:

• Profile Changes: Modifications you didn't make
• Application Submissions: Jobs applied to without your knowledge
• Message Activity: Messages sent from your account
• Company Creation: New company profiles you didn't create
• Settings Changes: Security or privacy modifications

Data Protection

Privacy Settings

• Control profile visibility
• Manage search engine indexing
• Set contact preferences
• Configure data sharing options

Information Sharing

Be cautious about sharing:

• Personal contact details
• Home address
• Salary expectations
• Private messages

Public Profile Management

• Review what's publicly visible
• Use professional photo only
• Keep sensitive info private
• Regular privacy checkups

Recognizing Threats

Phishing Attempts

Be cautious of fake Tabbio emails:

• Check Sender: Legitimate emails come from @tabbio.com
• Verify Links: Hover over links to see actual destination
• Magic Link Requests: You should only receive these after requesting them
• Urgent Demands: Tabbio won't demand immediate action via email
• Spelling Errors: Professional emails have proper grammar

Magic Link Fraud

Watch for:

• Unexpected Magic Links: Links you didn't request
• Wrong Email Address: Links sent to different email addresses
• Suspicious Timing: Multiple rapid magic link emails
• Fake Domains: Links not pointing to tabbio.com

Account Compromise Signs

• Unrecognized Login Notifications: Logins you didn't perform
• Profile Changes: Modifications you didn't make
• Unauthorized Applications: Job applications you didn't submit
• Message Activity: Messages sent without your knowledge
• Magic Links: Requests you didn't initiate

Incident Response

If Account is Compromised

1. Secure Your Email: Change your email password immediately
2. End All Sessions: Log out of all devices
3. Check Recent Activity: Review all account activity
4. Contact Support: Report the incident immediately
5. Review Email Security: Strengthen email account protection
6. Monitor Activity: Watch for further suspicious behavior

Recovery Process

1. Request New Magic Link: Use the login page to get a new link
2. Contact Support: Provide detailed information about the incident
3. Identity Verification: Support may require additional verification
4. Security Review: Follow guided steps to secure your account
5. Email Security: Implement stronger email account protection

Device Security

Secure Devices

• Keep OS updated
• Use device locks (PIN, biometric)
• Install from official app stores only
• Avoid public Wi-Fi for sensitive actions

Browser Security

• Keep browsers updated
• Use secure connections (HTTPS)
• Clear cache regularly
• Avoid saving passwords on shared computers

Advanced Security

Email Security Enhancement

For maximum protection:

• Email 2FA: Enable two-factor authentication on your email
• App Passwords: Use app-specific passwords where needed
• Email Encryption: Consider email encryption services
• Backup Email: Set up a secure backup email address

Network Security

• Secure Connections: Always use HTTPS (automatic with Tabbio)
• Public Wi-Fi: Avoid accessing Tabbio on unsecured networks
• VPN Usage: Use VPN on public networks for additional protection
• Home Network: Secure your home Wi-Fi network

Regular Security Tasks

Weekly

• Check Email Security: Monitor your email account for suspicious activity
• Review Login History: Check Tabbio login notifications
• Verify Profile: Ensure no unauthorized changes to your profile

Monthly

• Active Sessions Review: Check devices currently logged into Tabbio
• Email Account Audit: Review email account settings and permissions
• Privacy Settings: Update profile visibility and sharing preferences
• Security Notifications: Review all security-related emails

Quarterly

• Email Password Update: Change your email account password
• Recovery Information: Update email account recovery options
• Security Assessment: Complete comprehensive security review
• Backup Verification: Test email account recovery methods

Annually

• Complete Security Audit: Review all security measures
• Email Provider Review: Consider switching to more secure email providers
• Account Information Update: Refresh all personal information
• Professional Security Consultation: Consider expert security review

Team Account Security

For Company Accounts

• Role-based access control
• Regular access reviews
• Secure password sharing
• Activity monitoring

Best Practices

• Limit admin access
• Use group policies
• Monitor team activity
• Regular security training

Getting Help

Support Resources

• Security incident reporting
• 24/7 security hotline
• Emergency account recovery
• Professional consultation

Self-Service Tools

• Security checkup wizard
• Automated threat detection
• Account recovery options
• Security score assessment

Stay Updated

• Follow security newsletters
• Monitor breach notifications
• Update security practices
• Regular training participation

Email Provider Security

Secure Email Providers

Consider providers with strong security:

• ProtonMail: End-to-end encryption
• Gmail: Strong 2FA and security features
• Outlook: Microsoft's enterprise-grade security
• Apple Mail: Integrated with Apple's security ecosystem

Email Security Features to Look For

• Two-Factor Authentication: Essential for email account security
• Encryption: End-to-end encryption for sensitive communications
• Spam Protection: Advanced filtering to prevent phishing
• Security Monitoring: Alerts for suspicious activity
• App Passwords: Secure access for third-party applications

Mobile Security

Mobile Email Apps

• Official Apps: Use official email apps from your provider
• App Updates: Keep email apps updated
• Secure Lock: Use device locks (PIN, fingerprint, face recognition)
• App Permissions: Review and limit app permissions

Mobile Best Practices

• Device Security: Keep your phone's OS updated
• App Downloads: Only download from official app stores
• Public Wi-Fi: Avoid using magic links on public networks
• Screen Locks: Use automatic screen locks

Emergency Access

If You Lose Email Access

1. Contact Email Provider: Start email account recovery process
2. Use Backup Email: If you have one configured
3. Contact Tabbio Support: We can help verify your identity
4. Provide Verification: Be ready to verify your identity

Backup Plans

• Secondary Email: Keep a backup email address updated
• Phone Recovery: Ensure your phone number is current
• Identity Documents: Be prepared to provide ID verification
• Professional References: Contacts who can verify your identity

Privacy Protection

Data Sharing Settings

• Profile Visibility: Control who can see your profile
• Search Engine Indexing: Manage public search visibility
• Recruiter Access: Set preferences for recruiter contact
• Data Export: Understand your data export rights

Professional Information

• Sensitive Data: Avoid sharing highly sensitive information publicly
• Contact Details: Be selective about contact information visibility
• Salary Information: Keep salary expectations private initially
• Personal Details: Separate personal and professional information

Remember: With passwordless authentication, your email security is your account security. Protect your email like you would protect your most valuable asset.