Skip to main content

Famly Security Best Practices

Josie avatar
Written by Josie
Updated over 2 weeks ago

How to Keep Your Famly Account Secure

Keeping your Famly account secure helps protect not only your personal information, but also the data of the children and families in your care. This article will guide you through some crucial steps you can take to keep your account safe and reduce the risk of unauthorised access.

This article outlines:

  • Security measures you can take as a staff member or administrator

  • The initiatives we take at Famly to protect your data

How Famly Keeps Your Data Safe

At Famly, we take security and privacy very seriously:

  • All personal data is encrypted in transit and at rest using AES-256

  • Our platform is hosted in a secure data centre, with additional backups in separate locations. All backup and primary systems follow rigorous security standards and independent audits

  • We operate under a comprehensive Data Processing Agreement (DPA) and comply with GDPR, UK GDPR, and related data protection laws

  • All sub-processors are vetted to meet equivalent standards

💡 You can read more about Famly’s security practices here

Use strong, unique passwords

A strong password is your first line of defence. We recommend:

  • Creating a password that has at least 15 characters

  • Avoiding easily guessed words like names or birthdays

  • Not reusing passwords across different services

Famly will automatically check whether new passwords have been part of a previously reported password breach from other websites or services to prevent the reuse of compromised passwords. When you update your password, you will be automatically logged out of all other devices.

Best practices:

  • Do not store passwords in unsafe places (like post-it notes or unsecured documents)

  • Consider using a reputable password manager to store long, random passwords securely

  • By default, Famly requires at least 8 characters including letters and numbers/special characters.

💡 If you would like to enable stricter password requirements, please contact support@famly.co

Never share your login credentials

Your Famly login details are private, so you shouldn't share them with anyone. Each staff member should always have their own account and you should never let someone log in using your credentials. Sharing accounts:

  • Makes it impossible to track who performed what actions

  • Creates unnecessary security risks

Avoid saving your password in browsers on shared devices. If you must record a password, store it securely (ideally in an encrypted password manager).

Use trusted devices and networks

Famly will notify you if a login is detected from a new device. To stay safe:

  • Only log in from trusted devices

  • Avoid public or shared computers

  • Be cautious with public Wi-Fi networks. If you must use them, use a VPN or your mobile hotspot

If you ever use a shared device:

  • Open Famly in a private browsing window

  • Do not allow the browser to save your password

  • Always log out when finished; closing the browser window won't always sign you out automatically

Keep your devices and software updated

Maintaining the security of the devices you use to access Famly is an important part of general security best practice. Make sure the devices you use with Famly are up to date:

  • Enable automatic updates for operating systems and apps

  • Keep antivirus or anti-malware tools running and updated

  • Regularly update the Famly app

Be vigilant against phishing

Phishing is when attackers impersonate trusted organisations to steal login details. Attackers may send emails (or texts) that impersonate Famly support or a familiar institution, urging you to verify your account or log in via a provided link. Remember:

  • Famly will never ask you to confirm your password by email

  • Always go directly to the Famly website or app to log in

  • Be wary of urgent or unexpected messages that ask you to click links

💡 If in doubt, do not click the link. Contact support@famly.co to confirm whether an email is legitimate.

Use automatic logout and screen lock

Famly automatically logs you out after 5 minutes of inactivity. You can read more about the auto-logout feature here. We recommend:

  • Keeping the auto-logout timer short (no more than 15 minutes)

  • Locking your device screen whenever it’s not in use

  • Setting your computer or tablet to require a PIN, password, or fingerprint after inactivity

💡 Combining an auto-logout on the app with a short screen timeout on your devices provides two layers of protection to keep your account and data secure

Make sure your staff have the right permissions

Permissions in Famly allow you to control what staff can see and do in the platform. Make sure your permissions are set up correctly, so that staff do not have access to unnecessary information:

  • Check that staff roles only have access to the information they need

  • Restrict access outside of working hours if needed

Consider Two-Factor Authentication (2FA) or Single Sign-on (SSO)

For an extra layer of security, use two-factor authentication on your Famly account:

  • 2FA adds an extra step when logging in, using a one-time code on your phone or authenticator app. Even if someone has your password, they cannot access your account without the code.

💡 You can read more about enabling 2FA on your account here

If you use company email addresses for your staff, you can have single sign-on (SSO) enabled for staff on your Famly account, which can also add an extra layer of security:

  • SSO allows staff to log in using their work email address. This adds convenience and an extra layer of security.

💡 If you'd like to enable SSO for your setting, reach out to your account manager or support@famly.co

What to do if your account is compromised

If you believe your account has been accessed without permission:

  1. Change your password immediately

  2. Inform your setting’s administrator

  3. Contact Famly Support so we can investigate and help secure your account

Automatic account email notifications

Famly automatically sends email notifications to keep your account secure. You will receive an email if:

  • You request a password reset

  • A new password is set

  • Your account logs into a new device not previously seen

  • You request to change your Famly account email address

  • Your account email address has been successfully changed

  • Your account is blocked due to too many failed login attempts

Need more help?

By following these account security best practices, from using strong, unique passwords and device safeguards to staying alert against phishing, you can help ensure that your Famly account (and the sensitive data within it) remains well-protected. Security is a shared responsibility, and a few proactive steps on your part will go a long way in keeping your Famly platform safe.

If you have any questions or concerns about account security, please reach out to support@famly.co and we’ll be happy to help.

Related Articles
Famly Usage Report
Parents 🧸: Manage your notifications in Famly
Parents 🧸: A Guide to the Famly App
Setting up Azure Active Directory (OIDC)
A Parent's View of Famly
Did this answer your question?