Help Center

Security settings in CX Social

Last Updated: Jun 23, 2017 10:34AM EDT
Security settings in CX Social 

Securing your CX Social account is something that is really important nowadays. In CX Social you have a couple of features that enable you to make sure your account meets the security standards custom to your needs. In this support article we will provide a full overview of CX Social's security features.

●  Password requirements
ŸŸ       ●  Password Strength
ŸŸ       ●  Locked users

●  Security Settings
ŸŸ       ●  Passwords expiring
ŸŸ       ●  Prohibiting the re-use of old passwords
ŸŸ       ●  Locking users after x failed log in attempts
ŸŸ       ●  Enforcing Strong Passwords
ŸŸ       ●  Advanced Security settings 

●  Security Audit Log

Password requirements

Apart from the fact that account administrators are able to decide when passwords will expire and how long a user cannot re-use an old password, we also have made the requirements for passwords stricter. When choosing a new password, it will have to be conform these rules:
  • Min. length of 8 characters
  • Passwords should contain at least one lowercase character like 'a'
  • Passwords should contain at least one uppercase character like 'A'
  • Passwords should contain at least one special character. Note that you have to choose between ! $ ( ) _ [ ] * - @
  • Passwords should contain at least one number like '0', '1', ... '9'
This is an example of a secure password: !Uyt84er (We encourage you to use this tool to generate secure passwords.)

Password strength

While a password may meet all the new password requirements above, we will still flag a password as insecure if it contains your name or other personal data like your e-mail address and company information. That is why we will also calculate a realistic password strength.

Account administrators can view the realistic password strength of the users of their account by going to the user overview page, and thus encourage their users to choose better passwords. You can read a great article about how 
realistic password strength is determined here.



Locked users

Certain suspicious events (like a user entering a wrong password too many times) can cause a user to become locked in a certain account. When this happens the account administrators are informed about this so they can take the appropriate actions. Locked users (if any) will be listed in a separate table on the user overview page, from where users with an administrator role will be able to unlock them. 

Security settings


In Account Settings, you will find the menu for your account's security settings with 3 security related preferences. For each of these settings, we've defined 3 possible values, from looser to very strict. These options help the account Administrator choose the strategy that best suits your companies security requirements. 


Require users to change their passwords

If you enable this setting, all users in your account will be required to periodically change their password to be able to log in to your CX Social account:
ŸŸ       ●  Never 
ŸŸ         Every quarter
ŸŸ       ●  Every month 
ŸŸ       ●  Every week

Don’t allow users to reuse an old password 

When users in your account change their password, they cannot use a password that they've used before.

ŸŸ       ●  For 1 year
ŸŸ       ●  For 2 years
ŸŸ       ●  For 3 years

Lock a user after x failed log in attempts

When users enter a wrong password a couple of times, we will block this user from accessing the data in your account (to prevent people from guessing your user's passwords). Once a user is locked, only account administrators can unlock the users in your account. This can be done from the user overview page as explained above

ŸŸ       ●  Lock the user after 3 failed log-in attempts
ŸŸ       ●  Lock the user after 5 failed log-in attempts
ŸŸ       ●  Lock the user after 10 failed log-in attempts

You can choose to enforce users of your account to set a very strong password when setting up a new password or changing their current one. This password policy prevents users to use a password that contains their name, email, account name, "CX Social" or other commonly used passwords. 


NOTE: If a user is a member of multiple accounts we'll take the most strict expiry time and the maximum of times an old password can be reused.

If you want to learn more about Locations, Devices and Sessions you can read the dedicated Two Factor Authentication support article. 


Allowed IP Addresses

Here you are able to enter a list of IP addresses that can have access to this account via the CX Social Web Application.


Security Audit Log

All security related events are logged in a Security Audit Log. This is a filterable logbook of the different security events that happend in your account. This log is similar to the account history page in functionality, but only contains security related events. 

Some of the events you will see here include:

●  A user asked for a password reset.

●  A user changed his/her password. If a user changes his/her password we'll log this. Also, in the Security Audit log you will be able to see how strong his/her new password is. We'll also notify the user by e-mail that his/her password has changed.

●  A user logged in successfully.

●  A user failed to login. If a user failed to login due to wrong credentials this event will be triggered. We'll also increment the failed login attempts for that user. When the threshold for failed login attempts is reached, that user will be locked. This threshold is configurable, see above.

●  user is locked. A user can be logged because he tried to log in with a wrong password too many times or every Admin has the ability to lock users himself/herself. When this happens, it will show up on the Audit Log. Only the account administrator(s) can (un)lock users. When an Administrator is locked, he/she needs to contact the CX Social support staff to unlock his/her account.

●  user is unlocked. If a user is unlocked we will log this. The user who unlocked the user will be saved and viewable in the Audit Log as well.

●  A user changed the security settings. Admins of the account are able to change the Security Settings for the entire account. They can decide on timeframe to change passwords, the reuse of old passwords and the number of times a user can try his password for logging in.

The security log also contains the IP-address and the type of device you're using. (web/mobile).

IMPORTANT: We will never save your password in plain text and we will never ask you to provide your password in person/over e-mail. The passwords you use will be hashed with a slow hashing algorithm.


Contact Us
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found