Skip to main content

Do you ship? Get the refunds you deserve!

Sign up, sit back, get paid.

Do you ship? Get the refunds you deserve!

Sign up, sit back, get paid.


Protect your UPS account against security breaches

By Last updated on: June 19, 2023

Shipping is a fundamental part of all e-commerce companies and most other industries. As a result, what would happen if your UPS account was hacked? A UPS security breach could be disastrous for any company. Let’s examine some best practices to limit unapproved UPS access by hackers attempting a brute-force assault.

Current UPS Password Requirements

All UPS account passwords must use the following rules to create a password:

  • UPS passwords must contain 7 to 26 characters
  • UPS password cannot have your first name, last name, or user ID
  • It must include at least 3 of the following requirements
    • Contain one upper-case letter
    • Contain one lower-case letter
    • One special character (%$#@!)
    • One numeric character

UPS User ID Requirements

  • UPS User ID’s must be 1-16 characters
  • No spaces or special characters are allowed
  • Email addresses are not allowed

Best Practices for UPS Passwords

Here are some tips to help protect your UPS account from possible threats and security breaches. Furthermore, feel free to do further research on your own to enhance online security.

1. Create a new ID for each team member.  

The fact is employees move jobs frequently. According to various online reports, it is rare for employees to stay at a job for more than 4 to 5 years. If multiple employees are accessing the same credentials, many employers decide not to update security when an employee leaves. Therefore, make it a company policy to add individual user accounts rather than one set of credentials for everyone.  

Note: A user ID and password must be established on the UPS website before adding a user to the UPS billing center online. This differs from FedEx online billing. FedEx only requires administrators to add an email address.

Log into the UPS Billing Center. Next, go to the “Administration” tab. The menu will drop down, click the “Manage Users” tab. Once that page opens, enter the new user ID and email address associated with the user ID. Then, click the blue “Next” button in the bottom right corner of your screen.

UPS Billing Add New User ID Permissions UPS security breach

2. Make the password difficult to remember

  • Avoid single words or a word followed by a number
  • The longer the password, the better
  • Use a combination of words, numbers, symbols, and lower/upper case letters.
  • Avoid passwords based on confidential info (i.e. SS# or DOB)
  • Avoid using adjacent letters/numbers on the keyboard
  • Use two-factor authentication if available

If you can remember your UPS password, it is a bad password.

Refund Retriever Director of Technology

3. Use a password manager

As a user of many websites and sensitive databases, I could never remember all the user names and passwords. Therefore I use a password manager with added two-factor authentication. Password managers allow for a central repository of user names and passwords. All the sensitive data is secure behind a secondary password that changes every few seconds. Take a look at Dashlane, Keeper, or 1Password.

How to Update a UPS Password for Refund Retriever

For Refund Retriever to audit your company’s UPS invoices, we need access to the UPS Billing Online Center. Some customers allow us to use current credentials, but a better option exists. Refund Retriever customers have the opportunity to add a secondary user within UPS Billing Online.

If our UPS password is no longer valid, customers can log into the Refund Retriever Client Interface and update it. Log into the interface and click on “Shipping Accounts” on the left menu bar. This will open a list of all your accounts. Next, click on the purple “EDIT ACCOUNT” button. Here you can enter the new credentials securely.

Update FedEx Password on Refund Retriever

How can Refund Retriever help if there is a UPS security breach?

Refund Retriever monitors every shipment that appears on a UPS account. Therefore, if there is any fraudulent activity, it will be evident from the billing data. Refund Retriever provides a full suite of reports and analytics free for each UPS customer.

One report that will help is our third-party report. The third-party report filters all packages not shipped from or delivered to your address. These are packages that were never in your chain of custody. These could be valid shipments or a result of a UPS security breach of your UPS account.

Refund Retriever 3rd Party Package Report prevent a UPS security breach

UPS will never request personal information, financial information, account numbers, IDs, passwords or copies of invoices in an unsolicited manner. Never through email, mail, text, phone or fax.

Ready to learn more about Refund Retriever? We will help lower shipping costs and increase your UPS security and visibility, contact us today. We can reduce shipping costs through our parcel auditing or contract analysis services.  

Brian Gibbs

Author Brian Gibbs

More posts by Brian Gibbs

Brian Gibbs | President of Refund Retriever

Brian Gibbs founded Refund Retriever in 2006 while running his first eBay-based business and seeing the shortcomings of other shipment auditing companies. Refund Retriever's primary focus is FedEx and UPS parcel invoice auditing. After graduating from Texas A&M University in 2001, he graduated from the University of Houston in 2004 with a JD and MBA. Gibbs has been featured in Forbes, Entrepreneur, and other publications discussing parcel auditing, shipping, e-commerce, and more. Learn more at or call (800) 441-8085 for more information.

Sign Up Now Contact Us