When you create an account on Apify by default, you will only need to log in with either email and password or with a sign-in through Google or GitHub. Then, you’ll be able to use Apify from the same browser without having to log in again for 90 days.
While Apify is designed for ease of use, we strongly recommend increasing your account security if you handle sensitive data or link payment methods to your account.
We’ve implemented two new ways how to do that.
Two-factor authentication for a more secure sign-in
While email and password sign-in is convenient, it's not secure enough for sensitive accounts. Your account could be compromised if someone guesses a weak password or gains access to your email. Adding extra security measures helps prevent unauthorized access.
To mitigate this risk, you can enable two-factor authentication (2FA). This will add a step to the sign-in process. Where you’ll have to input a code from a connected 2FA authentication application.
To set up 2FA, visit your account settings and follow the configuration steps. When 2FA is enabled on your account, your account settings should look like this.
See our 2FA documentation for more information and detailed guidance.
Session length configuration
Enabling 2FA is an important first step to your account security, and will prevent account takeover by someone with your password/email, but it does not prevent people from accessing your account if they gain access to your sign-in session. This most commonly happens through computer malware/viruses.
Apify's default setting keeps you logged in for 90 days unless you manually log out. While this is convenient for most users, we recommend adjusting this setting for stronger security.
Since we believe this setting is something each user might want to have set a little differently, we added an option to configure the number of days the session should last. Shorter sessions protect against unauthorized access, while longer sessions reduce authentication overhead in secured environments.
You can configure this in your account settings.
Set security requirements on organization members
Now that you secured your own account, you might also want to secure the account of your organization. But you do not sign in as an organization, instead, the members of the organization sign in to Apify, and then they can switch their account to act as the organization.
Your organization's security depends on every member having a secure account. While you can ask members to update their security settings, a single unsecured account can put the entire organization at risk.
So we’ve added 2 configuration options to the organization settings
Maximum session lifespan: Require all members of your organization have a session length shorter than this value.
Require two-factor authentication: Require all members of your organization have 2FA enabled.
Apify is now SOC 2 Type II certified! Read our blog post about what this means for your data security.
