Shipping is a fundamental part of all e-commerce companies and most other industries. As a result, what would happen if your UPS account was hacked? A UPS security breach could be disastrous for any company. Let’s examine some best practices to limit unapproved UPS access by hackers that are attempting a brute force assault.
Current UPS Password Requirements
All UPS account passwords must use the following rules to create a password:
- UPS passwords must contain 7 to 26 characters
- UPS password cannot contain your first name, last name, or user ID
- It must include at least 3 of the following requirements
- Contain one upper case letter
- Contain one lower case letter
- One special character (%$#@!)
- One numeric character
UPS User ID Requirements
- UPS User ID’s must be 1-16 characters
- No spaces or special characters are allowed
- Email addresses are not allowed
Best Practices for UPS Passwords
Here are some tips to help protect your UPS account from possible threats and security breaches. Furthermore, feel free to do further research on your own to enhance online security.
1. Create a new ID for each team member.
The fact is employees move jobs frequently. According to various online reports, it is rare for employees to stay at a job for more than 4 to 5 years. If multiple employees are accessing the same credentials, many employers decide not to update security when an employee leaves. Therefore, make it a company policy to add individual user accounts rather than one set of credentials for everyone.
Note: A user ID and password must be established on the UPS website before adding a user to the UPS billing center online. This differs from FedEx online billing. FedEx only requires administrators to add an email address.
Log into the UPS Billing Center. Next, go to the “Administration” tab. The menu will drop down, click the “Manage Users” tab. Once that page opens, enter the new user ID and email address associated with the user ID. Then, click the blue “Next” button in the bottom right corner of your screen.
2. Make the password difficult to remember
- Avoid single words or a word followed by a number
- The longer the password, the better
- Use a combination of words, numbers, symbols and lower/upper case letters
- Avoid passwords based on confidential info (i.e. SS# or DOB)
- Avoid using adjacent letters/numbers on the keyboard
- Use two-factor authentication if available
“If you can remember your UPS password, it is a bad password.“Refund Retriever Director of Technology
3. Use a password manager
As a user of many websites and sensitive databases, I could never remember all the user names and passwords. Therefore I use a password manager with added two-factor authentication. Password managers allow for a central repository of user names and passwords. All the sensitive data is secure behind a secondary password that changes every few seconds. Take a look at Dashlane, Keeper, or 1Password.
How to Update a UPS Password for Refund Retriever
For Refund Retriever to audit your company’s UPS invoices, we need access to the UPS Billing Online Center. Some customers allow us to use current credentials, but there is a better option. Refund Retriever customers have the opportunity to add a secondary user within UPS Billing Online.
If the UPS password we have is no longer valid, customers can log into the Refund Retriever Client Interface and update it. Log into the interface and click on “Shipping Accounts” on the left menu bar. This will open a list of all your accounts. Next, click on the purple “EDIT ACCOUNT” button. Here you can enter the new credentials securely.
How can Refund Retriever help if there is a UPS security breach?
Refund Retriever monitors every shipment that appears on a UPS account. Therefore, if there is any fraudulent activity, it will be evident from the billing data. Refund Retriever provides a full suite of reports and analytics free for each UPS customer.
One report that will help is our third-party report. The third-party report filters all packages not shipped from or delivered to your address. These are packages that were never in your chain of custody. These could be valid shipments or a result of a UPS security breach of your UPS account.
UPS will never request personal information, financial information, account numbers, IDs, passwords or copies of invoices in an unsolicited manner. Never through email, mail, text, phone or fax.
Ready to learn more about Refund Retriever? We will help lower shipping costs and increase your UPS security and visibility, contact us today. We can reduce shipping costs through our parcel auditing or contract analysis services.