Security

LiveAgent can automatically search (https://www.liveagent.com/features/search-replace/) for a string pattern in various text messages and replace it with something else before being displayed. The plugin works with messages like customer messages in chats, incoming messages from emails and contact forms, email answers from agents, ticket subject and notes. The plugin can be used for obfuscating sensitive information like credit card numbers, social security numbers and such. Search & Replace ...

Enable 2-Step Verification (https://www.liveagent.com/features/2-step-verification/) to secure your account. 2-Step Verification Setup Step 1: Navigate to your Profile (Edit profile) and check "2-Step Verification" Step 2: Download and install Google Authenticator app (available for iOS (https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8) and Android (https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2)) on your mobile device. Scan the Q...

LiveAgent offers a number of additional security settings, which can be found in the Agent panel > Configuration > Security > Settings. These allow you to set up more advanced security rules and features that will help you increase the security of your LiveAgent account and your customer portal against various types of vulnerabilities. - Allowed file types - This setting allows only you to define that only specific file types could be uploaded in the contact widgets by the visitor...

LiveAgent uses cookies, (small pieces of data stored in your web browser) for several purposes. For an agent logged into the LiveAgent agent panel, those cookies are stored: - A_auth - authentication token, allows an agent to reload the agent panel without logging in each time (if they did not log out). Agent needs to choose this option by the "Remember me" checkbox on the login screen. - validity: 14 days / till logout - A_la_sid - currently active session in agent panel...

LiveAgent allows you to define various password criteria and requirements for both agent and customer passwords. Changing the criteria will only apply when a new agent or customer is creating his first password or when an existing agent tries to change his password. Existing passwords are not affected when changing these settings. The settings for password criteria can be found in the Agent panel > Configuration > Security > Settings. Just scroll down at the bottom of the page. Ther...

- Overview (#overview) - How to Ban a customer (#ban) - List of currently active bans (#active) - How to ban a range of IPs (#range) - List of expired/past bans (#past) Overview The ban feature is very useful if you ever meet with some unpleasant person/customer. If there is no other "more professional" way, how you can handle such a person on a live chat, you can simply use the ban feature for the specific IP addresses. The following screenshots explain this quick process below....

The list of banned IP addresses or the list of allowed IP addresses from the agent panel IP whitelist is compared with HTTP header X-Forwarded-For if this header has been received. This is to allow for setups when the LiveAgent server is behind a proxy server. If X-Forwarded-For has not been received, the remote host IP address is evaluated.

As a security measure, LiveAgent uses request rate-limiting in several places of the application. - The agent as well as visitor login and change password can be attempted 10 times per hour. Successful login resets the counter. - Password reset can be requested 5 times per hour. After 20 submitted password reset forms with incorrect values all password reset requests are invalidated as protection against brute force attacks. - API requests are limited to 180 per minute per API key. - ...

Content Security Policy (CSP) is a security standard that adds an extra layer of security by specifying domains that the browser should consider to be valid sources of content on the website. In our specific case, it's about the source of content loaded in the LiveAgent agent panel or in the LiveAgent knowledgebase portal. Defining these Content Security Policy (CSP) headers can prevent various cross-site scripting (XSS), clickjacking, and similar code injection attacks aimed at your LiveAgen...

Customers are often curious, how LiveAgent's data is backed up. In order to ensure maximum reliability and uptime, we provide a 2 level backup structure. All accounts hosted in LiveAgent's cloud are backed up this way. 2 Level Backup System 1st Level Backup - is done in realtime - data are replicated from master to two slave servers and in case master server dies, it is seamlesly switched to a backup server 2nd Level backup - is a periodical (daily) snapshot and we keep snapshot of each db...