Access control for Duda users
When it comes to your business, securing access to your Duda account is one of the most important steps you can take.
In this lesson, we’ll explore the key practices for ensuring strong access control in Duda, focusing on login methods, password policies, and two-step verification (2SV).
What is access control?
Access control is the foundation of securing your Duda account. It ensures that only authorized users can interact with your websites or account, protecting sensitive data and maintaining system integrity. Without it, your account, your websites, and the data in them are exposed to unauthorized access.
Key components of access control include:
- Authentication: proving a user’s identity
- Authorization: ensuring the user has the right permissions
Securing your Duda account
To secure your Duda account, start with:
- Login credentials, roles, and permissions
- Strong password practices and single sign-on (Google login recommended)
- Two-Step Verification (2SV), Two-Factor Authentication (2FA), or Multi-Factor Authentication (MFA)
We're going to run through each of these topics in more depth. As you read through, think about your current security practices:
- Are your security policies due for a refresh?
- Is your team knowledgeable about your policies as well as common security threats?
If not, today would be a great day to start thinking about how you'll operationalize security-minded behaviors.
1. Login credentials, roles, & permission considerations
Consider the following when evaluating your login and permission practices:
Use Duda's user management tool
Duda makes it easy to create individual users and assign appropriate roles and permissions based on their responsibilities. By setting up proper user access, you ensure that each person has access only to what they need, improving both security and efficiency.
Never share logins
Sharing login credentials is a serious security risk. Always ensure that each user has their own unique login credentials to prevent unauthorized access and maintain accountability.
Avoid configuring all users as Admins
Not every staff member needs admin-level access. Restrict administrative privileges to only those who truly require them to reduce the risk of accidental or malicious changes.
2. Use strong passwords & SSO
Use Single Sign-On (Google recommended)
For ease and security, Duda highly recommends using Google for single sign-on. By linking your Google account, you can quickly sign in without having to remember another password, and you benefit from Google's security infrastructure, including automated alerts and account protection tools.
For larger companies
If your company is large enough to use an Identity Provider (IdP), consider using Duda's SSO API for centralized control of user access across multiple platforms. The API integrates with existing identity management systems, giving a seamless and secure login process across the tools and services your company uses.
For smaller companies
Small companies without an IDP can still benefit from logging in with Google, as it provides a reliable and secure login process. If using Google to log in isn’t an option, we recommend following the password policies and using strong, unique passwords for each user.
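Two of the checks above, "strong, unique passwords" and "never share logins", can be turned into a small audit you run when provisioning accounts or reviewing a password-manager export. The following is an added example written for this lesson, not Duda's code or a description of Duda's own password policy: the minimum length, character-class count, and the known-weak list are assumptions chosen for illustration, and the user roster is constructed sample data. Shared credentials are detected by comparing SHA-256 digests, so the report never needs to hold plaintext beyond the moment of checking.

```python
import hashlib
import re
from dataclasses import dataclass

# Policy thresholds are assumptions for this example; Duda's own policy
# values are not stated in this lesson.
MIN_LENGTH = 12
MIN_CHARACTER_CLASSES = 3

# Constructed stand-in for a breached/common password list. In practice this
# would be a large corpus (or a k-anonymity lookup against a breach service).
KNOWN_WEAK = {"password123", "welcome2024!", "duda12345", "letmein"}


@dataclass
class User:
    email: str
    password: str  # only available at set/reset time; never store plaintext


def check_password(password: str) -> list[str]:
    """Return policy violations for one password; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(
        1 for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
        if re.search(pattern, password)
    )
    if classes < MIN_CHARACTER_CLASSES:
        problems.append(f"uses fewer than {MIN_CHARACTER_CLASSES} character classes")
    if password.lower() in KNOWN_WEAK:
        problems.append("appears in the known-weak password list")
    return problems


def find_shared_passwords(users: list[User]) -> list[list[str]]:
    """Return groups of emails whose passwords are identical.

    Identical passwords across accounts usually mean one credential is being
    shared, which defeats per-user accountability. Passwords are compared via
    SHA-256 digests so the grouping never stores plaintext.
    """
    by_digest: dict[str, list[str]] = {}
    for user in users:
        digest = hashlib.sha256(user.password.encode()).hexdigest()
        by_digest.setdefault(digest, []).append(user.email)
    return [emails for emails in by_digest.values() if len(emails) > 1]


def audit(users: list[User]) -> dict[str, object]:
    """Run both checks over a roster and return a report dict."""
    weak = {}
    for user in users:
        problems = check_password(user.password)
        if problems:
            weak[user.email] = problems
    return {"weak": weak, "shared": find_shared_passwords(users)}


if __name__ == "__main__":
    # Constructed sample roster (not real accounts).
    roster = [
        User("alice@example.com", "Welcome2024!"),
        User("bob@example.com", "Welcome2024!"),
        User("carol@example.com", "correct-Horse-battery-9"),
        User("dave@example.com", "short1A!"),
    ]
    report = audit(roster)
    for email, problems in report["weak"].items():
        print(email, "->", "; ".join(problems))
    for group in report["shared"]:
        print("shared credential across:", ", ".join(group))
```

Running the sample flags alice and bob for a known-weak password and for sharing the same credential, and dave for length; carol passes. In a real deployment you would run the shared-credential check at password-set time (the only point where plaintext is available) or over a password manager's audit export, since stored, salted hashes cannot be compared this way.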
3. Add Two-Step Verification (2SV), Two-Factor Authentication (2FA), or Multi-Factor Authentication (MFA)
Add an extra layer of authentication
Adding Two-Step Verification (2SV), Two-Factor Authentication (2FA), or Multi-Factor Authentication (MFA) ensures that even if someone steals your password, they cannot log into your account without the additional verification step.
How to Enable 2SV
- If you use Google to log in: Google provides its own 2-Step Verification methods. We recommend enabling it directly in your Google account; this protects your Duda login as well as every other Google service you use.
- If you do not use Google: you can enable 2SV directly within the Duda platform. Once enabled, you will need to verify your identity using an additional method, such as a text message, an authenticator app (like Google Authenticator), or another supported method. Where you have the choice, prefer an authenticator app over text messages: SMS codes can be intercepted through SIM-swap attacks.
Why Enable 2SV
- It significantly improves security by requiring two forms of identification.
- It helps protect against unauthorized access even if your password is compromised.
Did you know?
Users should only have access to the areas of the platform necessary for their tasks, with permissions assigned based on their specific role. This follows the Principle of Least Privilege (POLP), a security practice that ensures users are granted only the access required to perform their job functions, minimizing potential risks.
Don't forget
Security is an ongoing process, and access control is your first line of defense in protecting your websites and business from unauthorized access. You can significantly reduce the risks by:
- Implementing strong password policies
- Using Google to log in
- Enabling additional layers of authentication (2SV, 2FA, or MFA)
In the next part of the course, we’re going to look at some of the more sensitive areas within Duda where you might want to be extra mindful when thinking about your security practices and who should have access.