Safety and security in digital environments are paramount to running a successful modern business where your people trust you and you can trust them. As Inform People systems can host a significant amount of user data (depending on the modules you implement) we are committed to providing the best security we can and advising our clients of best practices too.
Consider this.
Without prior knowledge (though you might already know this!) if you had to guess, which of the following passwords is technically a more secure password – which would you pick?
$Xj=%4G:*:d^tZ7{
OR
this is a lot more secure and safe
You might be surprised, because of the legacy of some password creation prompts on other websites, to find that the second option, a sentence all in lowercase with a few spaces in there, is the most secure by a significant margin.
It also works out that it would be a lot easier to remember this password without compromising your security by writing it down.
Truly, a password’s length is key to combating brute force password attacks, though if combined with some Capital Letters and a piece of punctuation, you can make it even stronger!
Defaults, resetting and policy – we can help!
Other ways that we ensure your company’s security when using an Inform People platform is to tailor the requirements to match your own password security policy.
Some of the ways that we support this are as follows:
Initial Password Change
Always, when logging in for the first time, people are prompted to change their password from their initial one to a new one, known only to them. At this point there may be additional levels of requirement to match your company policy such as ‘must be at least 12 characters long’ or ‘must include both letters and numbers’.
Regular Password Change
We can set a platform-wide rule to ensure that every account is prompted to change their password on a regular basis. This can be as frequent as you like – to fit within company policy – but we would on the whole recommend no more frequent than once every 6 months.
Reset via unique email link rather than to a default
As alphanumeric passwords have become a fundamental part of securing access to online websites, and the growth and implementation of biometric authentication is not quite applicable or appropriate for all environments, there has been a significant shift in the way passwords are handled. It has been some years now, but early websites would often email a plaintext, unencrypted password if requested by someone locked out of their account. We never do this. Passwords can be reset but are never shared in plain text. We also never reset a password back to a ‘default’ and this is proven insecure.
Password format requirements
Required formats are actually customisable to your company policy for user passwords and a prompt to clarify what is required of a new password will be shared when passwords are being set/reset.
Password/Security Policy
Using our information sharing tools, either Knowledge Base & Share or MSCP, we can make sure that everyone in your company using the platform has access to your internal data security policies and even have them sign off their confirmation of understanding or complete a quiz to solidify their compliance.
Technology limitations
We are aware that our client base are often in busy environments where they share technology. Tablets and phones restrict the number of sets of biometric information that can be stored so standard passwords must be maintained for access to our platforms.
As soon as a colleague is marked as a leaver, access to their account is removed so only current employees can access their Inform People profile.
Keeping your business, your data, and your people safe
As our business focus is about keeping people and places safe, in a wide variety of ways, and keeping data visible to the people who need it, we know that data security is fundamental to it all. We are committed to doing all that we can from an infrastructure level to protect our users and while we know that human error (such as writing down a password!) can still occur, we are confident that a combination of security features and education goes a long way to providing protection.
Got any thoughts? We’d love to hear from you, you can use our contact form to let us know what you are thinking.
