Managing your Third-Party Accounts and Services

Most websites today have connections and dependencies on third-party services and platforms. These can include things like:

  • Website hosting
  • Google for analytics and search
  • Disqus for commenting
  • Secure payment processing
  • Email newsletter services
  • Domain name registration for your website
  • Media hosting e.g. Vimeo, YouTube, etc.
  • Social media platforms like Facebook, Twitter, etc.

Each of these services requires setting up an account on its platform, where you typically have access to a range of administrative settings just for that service. In the case of Google you might be using Google Analytics, Google Custom Search, AdSense, Google Drive…and that’s just the tip of the Google Apps iceberg. For payment processing services like PayPal and Stripe, account settings include highly sensitive information like Social Security numbers.

Website content management systems, including WordPress, connect with these third-party services through either plugins or settings within the CMS. So it’s very important to get these settings right, which often requires setting them up first on the third-party service.

Each third-party platform has its own administrative interface, and hopefully, good documentation on how to use it.

Here are crucial bits of reality in using these services in today’s Internet-based, interconnected world:

Usernames, email addresses, and passwords

You set up an account with a username and/or email address, and a password. In some cases there’s just one administrative account, but in other cases (like Google Apps) you can have one administrator and many users with different permissions.

It’s very, very, (very!) important to keep your login credentials secure, in a place where you can always find them. We strongly recommend using a password manager like 1Password or LastPass, where you set up a master password to access all your various accounts, usernames, and passwords.

In addition, the main administrative account for third-party services should never be set up with the personal email address of an individual in your organization. If that person were to leave your organization and you didn’t have another administrator for that service, you (and your website) could be in a world of hurt.

The person with the admin account is gone, no-one else has the password, and you can’t use the service’s password recovery because you don’t have access to the admin email account. We’ve seen this happen, and it’s too late to do anything about it after the fact.

So how do you set up an email address that isn’t tied to an individual person?

There are several ways to do this:

  • For organizations running their own email system and domain (like your @mycompany.org address), it’s typically easy to set up a generic email address that isn’t tied directly to an individual staff member. In this case emails sent to that address go to several staff, which you can change as needed.
  • Some organizations use Active Directory to login to their email system, usually with Microsoft Outlook as the email client. It’s easy for an administrator to set up an email-enabled Active Directory group, then assign individuals to the group. So regardless if people leave the organization, someone can always have access to the AD group email.
  • You can use Google Apps to set up email addresses, including group addresses that can be used to sign up for and manage other third-party services.

Support and Documentation

Every web services company has its own technology base, some kind of documentation, and a usually a help desk system.  If there’s a problem with the service, nothing can replace the service’s own documentation or help desk.

In Summary:

  • Sign up for third-party services using an organizational or group-enabled email address. This way, if the person who signed up leaves your organization, someone else can still access the account, reset the password, etc.
  • Keep all your passwords secure using a password manager like 1Password or LastPass.
  • Spend the time to learn how to set up and manage your third-party services, and when you run into questions or problems with them, use their documentation and help resources.

Setting up and securely managing third-party services can take time and effort, but it’s better to spend that time up-front so things go smoothly in the long run!