Security in Confirmit Software - Individual User Settings

Similar documents
Security in Confirmit Software - Additional Options

How to Configure Guest Access with the Ticketing System

A. Getting Started About e-access Enrolling in e-access: Authenticating your account Login... 5

Configuring 802.1X Settings on the WAP351

Contents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10

Lab Guide. Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501

Recommendations for Device Provisioning Security

SAML-Based SSO Solution

penelope case management software AUTHENTICATION GUIDE v4.4 and higher

AVS Portal Security User Guide

Cloud FastPath: Highly Secure Data Transfer

User Directories. Overview, Pros and Cons

Oracle Eloqua Legacy Authenticated Microsites and Contact Users. Configuration Guide

Salesforce Mobile App Security Guide

FAQ. General Information: Online Support:

Specialty Contractor User Manual. Table of Contents. Specialty Contractor User Manual Version 1 11/16/15

Grapevine web hosting user manual. 12 August 2005

How to Configure Authentication and Access Control (AAA)

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

SAML-Based SSO Solution

Here is a screenshot of the log in screen you will see at the above address:

KYOCERA Net Admin User Guide

Ekran System v.6.0 Privileged User Accounts and Sessions (PASM)

Partner Side SMART Guide

CLI users are not listed on the Cisco Prime Collaboration User Management page.

Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Symbolic Links 4. Deploy A Firewall 5

MANAGING LOCAL AUTHENTICATION IN WINDOWS

SC Common Reporting (ComRep) Portal User Manual

Club admins are able to perform the following actions via the Participant Login Management screen:

ColdFusion Application Security: The Next Step - Handout

Contents About This Guide... 5 About Notifications... 5 Managing User Accounts... 6 Managing Companies Managing Password Policies...

CYAN SECURE WEB Installing on Windows

Arrow Contract Management System. Electronic Tendering Guide

How-To Guide for Administrators

SafeConsole On-Prem Install Guide

CSU Talent Management User Guide Search Committee Member How to Log In and View Applications

Link Gateway Initial Configuration Manual

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

SSPR Registration. 1. Use your SVSU credentials to log in to

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

inty CASCADE Management Portal Self Service Ticketing Guide (Trusted Advisor)

Certified Secure Web Application Secure Development Checklist

Pass, No Record: An Android Password Manager

Welcome to ncrypted Cloud!... 4 Getting Started Register for ncrypted Cloud Getting Started Download ncrypted Cloud...

Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3. Obtaining A Signed Certificate 4

Help Document Series: Connecting to your Exchange mailbox via Outlook from off-campus

User Administration Vaultview Security

Deploy the ExtraHop Discover Appliance in Azure

Emergency Routing Service (ERS) Subscriber Guide

New Password Reset for Dental Connect Provider

Oracle Database Security and Audit. Authentication and authorization

Participant Information Management System (PIMS)

Using the AETA Remote Access service

WebEx Integration User Guide. Cvent, Inc 1765 Greensboro Station Place McLean, VA

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Vodafone Secure Device Manager Administration User Guide

Security Guide Zoom Video Communications Inc.

SelectSurveyASP Advanced User Manual

Salesforce1 Mobile Security White Paper. Revised: April 2014

USER MANUAL. SalesPort Salesforce Customer Portal for WordPress (Lightning Mode) TABLE OF CONTENTS. Version: 3.1.0

Registration and account management. NPDA User Guide: How to register to use the NPDA data capture system

ENROLLING FOR YOUR SYKES HOME TRAINING

Monitise. RSA Adaptive Authentication On-Premise Implementation Guide. Partner Information. Monitise Mobile Banking Solution

Salesforce Mobile App Security Guide

Vendor: Microsoft. Exam Code: Exam Name: MTA Security Fundamentals Practice Test. Version: Demo

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

Add/Manage Business Users

Secure Internet File Transfer (SIFT) HTTPS User Guide. How to send and receive files via HTTPS using SIFT

Configuring Your Mail Server, Time Zone, and Locale

System Setup. Accessing the Administration Interface CHAPTER

Tenable.io for Thycotic

System Administrator s Guide Login. Updated: May 2018 Version: 2.4

USER GUIDELINES. Q 2. Is it necessary to configure password retrieval question and answer? How can I do that? Q 3. How can I change password?

VMware AirWatch Integration with F5 Guide Enabling secure connections between mobile applications and your backend resources

imaconnect: Guide to the system

GoToMyPC Corporate Administrator Guide

Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3. Obtaining A Signed Certificate 4

Indian Standards on DVDs

Web and MAC Authentication

ESS Security Enhancements

SaaS Security for Confirmit Horizons Arnt Feruglio Chief Operating Officer

3) Click the Screen Sharing option and click connect to establish the session

Configuring the Cisco APIC-EM Settings

Customer Care Portal User Guide

MULTI-FACTOR AUTHENTICATION SET-UP

Office 365 and Azure Active Directory Identities In-depth

SUPPLIERS - SMARTSOURCE QUICK REFERENCE GUIDE

MyPatientVisit Patient Portal User Guide

Configure Settings and Customize Notifications on FindIT Network Probe

Step 1: Adding Darwin to your computer

Platform Compatibility... 1 Enhancements... 2 Known Issues... 3 Upgrading SonicOS Enhanced Image Procedures... 3 Related Technical Documentation...

ncrypted Cloud works on desktops and laptop computers, mobile devices, and the web.

Hearing Care Dashboard

WAM!NET Submission Icons. Help Guide. March 2015

Using the Terminal Services Gateway Lesson 10

Quicklaw Client Administration Guide

ISS INDIA Active Directory Self Password Management Solution ISS Facility Services India PVT.LTD.

docalpha Monitoring Station

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

Louisiana Medicaid Management Information System (LMMIS)

Transcription:

Security in Confirmit Software - Individual User Settings Unclassified. Copyright 2017 Confirmit. All Rights Reserved Page 1 of 5

1 Using HTTPS in Confirmit Horizons SSL certificates are installed for all web facing servers in our hosted Confirmit Horizons environments, allowing all users to encrypt their sessions by using HTTPS instead of plain-text HTTP when connecting to the hosted platform. HTTPS protects your session against network eavesdropping (sometimes referred to as "packet sniffing") by ensuring the traffic between the client computer and the server is encrypted. By default, we enforce the HTTPS protocol for all login pages in Confirmit Horizons, i.e. for Professional users, Express users, Translators, Reportal users, and panelists. Exchanges of authentication credentials between the client and server are therefore always secured with SSL encryption. Users are then redirected back to regular, unencrypted HTTP once the server has successfully authenticated the login request. However, it is possible to enforce SSL encryption for the entire session when working in Confirmit Horizons. As a logged on user, you can open your settings by clicking on your user name in the top right area of the screen in Confirmit Horizons to access your user settings (you can also use the Home > User > Settings menu selection to open the same page). This will bring up an overlay screen where the setting 'Use HTTPS connection' can be found: If the checkbox is selected, Confirmit will always keep your session secured with HTTPS, even if you open windows to Confirmit Express, Reportal or Translator. Unclassified. Copyright 2017 Confirmit. All Rights Reserved Page 2 of 5

2 Using HTTPS in Confirmit Surveys Of course, Confirmit Horizons also supports HTTPS encryption for respondents. With the default settings, all surveys can be accessed over both HTTP and HTTPS at the same time. The perhaps easiest way to deploy your surveys over SSL, is to select the 'Enforce https access to this survey' checkbox on the Survey Settings page when launching your survey. By selecting this option, the Confirmit Horizons survey engine will ensure that every respondent that accesses the survey will be redirected to access the survey link over HTTPS. Regardless of whether you have an open or limited survey, respondents will be redirected to HTTPS even if you have sent out invitation emails using the ^SLINK^ primitive in emails (instead of ^SECURESLINK^, which will prefix all survey links with https://) or have an open survey where you have linked to the survey using a regular http:// link. If you are linking to the survey from an external page, you can also simply set up your survey link to use the https:// prefix, this will work out of the box without having to compile the survey specifically to support HTTPS. If you are creating a respondent email, you can select the 'Use HTTPS' checkbox, or use the ^SECURESLINK^ primitive in the email body to have survey links automatically formatted with the https:// prefix when emails are sent out. You can even use both the ^SLINK^ and ^SECURESLINK^ primitives in the same email to include both http:// and https:// links to the survey, providing respondents with the option to select for themselves which link they want to use. 3 HTTPS for Reportal Viewers Confirmit Horizons supports HTTPS encryption for Reportal users, and will enforce all Reportal login sessions to take place over HTTPS in order to encrypt the username and password exchange during the authentication process. This is also enforced for Reportal viewers and analysts. As a Confirmit Horizons user, you can also enforce HTTPS for entire Reportal sessions for your end users. This can be done on an individual end user list basis by enabling the 'Always use SSL' checkbox in the general settings for the end user list. All users uploaded to the particular end user list will inherit the setting. Unclassified. Copyright 2017 Confirmit. All Rights Reserved Page 3 of 5

4 Password / Account Security Passwords in Confirmit Horizons must comply with the minimum requirements configured on the system. As seen in the below screenshot, these settings include: Locking of accounts after 5 consecutive failed login attempts. Lock screen displayed after 60 minutes inactivity (Password required to unlock). Sessions logged off after 3 hours unless unlocked. Passwords must be changed after 90 days. Passwords cannot be reused (history of last 12 passwords stored on the system). Passwords cannot be changed more than once per day (to prevent circumvention of password history). Minimum requirements for passwords: 8 characters in length, at least one uppercase character and one numeric/symbol character. Passwords are not stored in clear text in the database, instead they are encrypted using one-way hashing technique (using the PBKDF2 key derivation function) with a unique salt value for each account, and the output hash value is stored in the database. The authentication mechanism will perform the same hash function on a password submitted from the login page and will try to match this against the hash value that is stored in the database for the user account, rather than verifying the actual password itself. A side-effect of this is that no one, not even Confirmit's Account Management Team, can retrieve the original clear-text password from the database. Instead of retrieving existing passwords, it is possible for an account administrator to reset a user's password from the admin menu (and provide the user with the new, temporary password, which must be Unclassified. Copyright 2017 Confirmit. All Rights Reserved Page 4 of 5

changed at the first subsequent login), or the user may request a password reset link to be sent to the registered email address for the account from the login page as long as they know their Confirmit Horizons user name. 5 Other options Other security options are also available, but may depend on license specific add-ons. See the separate Additional Options document for further details. Unclassified. Copyright 2017 Confirmit. All Rights Reserved Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback