To secure your Twilio account and prevent fraudulent charges, phone number blocks, loss of customer trust, and more, follow seven best-practices. First, use strong passphrases with at least 14 characters and consider using a password manager to keep track of them. Implement multi-factor authentication (MFA) to add an additional form of evidence to confirm your identity. Protect your auth token by changing it periodically and assigning roles to sub-accounts for employees or co-collaborators. Secure your application by protecting API keys, not baking them into the code, and using temporary access tokens with Authy Two-factor Authentication. When traveling, use a hotspot powered by Twilio Wireless or a VPN to encrypt communications end-to-end. Examine SSL certificates presented by websites you visit and keep your operating system, SDKs, and tools up-to-date to prevent security vulnerabilities.