
Security features in CX Social

Last Updated: Dec 27, 2016 08:43AM EST
This support article provides a full overview of CX Social's security features.
 
 

Introduction

 
CX Social includes several security measures to help you keep your account secure. To start with, password strength is measured and enforced, and users can get locked. Apart from that, there are also some security settings that account administrators can decide on. These settings are listed further in the article.
 

Stricter password requirements


Requirements
 
Apart from the fact that account administrators are able to decide when passwords will expire and how long a user cannot re-use an old password, we have also made the requirements for passwords stricter. A new password has to conform to these rules:
 
  • Min. length of 8 characters
  • Passwords should contain at least one lowercase character like 'a'
  • Passwords should contain at least one uppercase character like 'A'
  • Passwords should contain at least one special character. Choose between ! $ ( ) _ [ ] * - @
  • Passwords should contain at least one number like '0', '1', ... '9'
 

 
This is an example of a secure password: !Uyt84er (We encourage you to use this tool to generate secure passwords.)
 

Realistic password strength


While a password may meet all the new password requirements above, we will still flag a password as insecure if it contains your name or other personal data like your e-mail address and company information. That is why we'll also calculate a realistic password strength. Account administrators can view the realistic password strength of the users of their account by going to the user overview page, and thus encourage their users to choose better passwords. You can read a great article about how realistic password strength is determined here.
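The two checks described above (the composition rules and the personal-data flag) can be sketched as follows. This is an added example, not CX Social's code: the function names, the 3-character minimum token length and the look-alike substitution table are assumptions, and the commonly-used-password list is not covered.

```python
import re

SPECIALS = set("!$()_[]*-@")               # special characters the article accepts
LEET = str.maketrans("4301$@", "aeoisa")   # assumption: common look-alike substitutions

def policy_violations(password):
    """Return the composition rules from the article that `password` breaks."""
    checks = [
        ("at least 8 characters", len(password) >= 8),
        ("a lowercase character", any(c.islower() for c in password)),
        ("an uppercase character", any(c.isupper() for c in password)),
        ("a listed special character", any(c in SPECIALS for c in password)),
        ("a number", any(c.isdigit() for c in password)),
    ]
    return [rule for rule, ok in checks if not ok]

def personal_tokens(name, email, account_name):
    """Lowercase tokens of 3+ characters from user data, plus the product name."""
    tokens = set()
    for value in (name, email.split("@")[0], account_name, "CX Social"):
        parts = re.split(r"[^a-z0-9]+", value.lower())
        tokens.update(p for p in parts if len(p) >= 3)
        tokens.add("".join(parts))          # e.g. "janedoe", "cxsocial"
    return {t for t in tokens if len(t) >= 3}

def personal_data_hits(password, tokens):
    """Tokens found in the password, as typed or after undoing substitutions."""
    plain = password.lower()
    folded = plain.translate(LEET)
    return sorted(t for t in tokens if t in plain or t in folded)

def assess(password, name, email, account_name):
    """Combine both checks; a password can pass the first and fail the second."""
    hits = personal_data_hits(password, personal_tokens(name, email, account_name))
    return {"violations": policy_violations(password), "personal_data": hits}
```

With the constructed user "Jane Doe" (jane.doe@example.com, account "Acme Corp"), `J4ne!Doe2016` satisfies every composition rule but is still flagged for containing the user's name.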

 

 

Locked users

 

Certain suspicious events (like a user entering a wrong password too many times) can cause a user to become locked in a certain account. When this happens the account administrators are informed about this so they can take the appropriate actions. Locked users (if any) will be listed in a separate table on the user overview page, from where users with an administrator role will be able to unlock them. 
 

 

 

Security Settings


In Account Settings, you will find the menu for your account's security settings with 3 security related preferences. For each of these settings, we've defined 3 possible values, from looser to very strict. These options help the account Administrator choose the strategy that best suits your company's security requirements.

 

Require users to change their passwords

If you enable this setting, all users in your account will be required to periodically change their password to be able to log in to your CX Social account.
  • Never
  • Every month
  • Every week
     

Don’t allow users to reuse an old password 

When users in your account change their password, they cannot use a password that they've used before.

  • For 1 year
  • For 2 years
  • For 3 years
     

Lock a user after x failed log in attempts

When users enter a wrong password a couple of times, we will block this user from accessing the data in your account (to prevent people from guessing your users' passwords). Once a user is locked, only account administrators can unlock the users in your account, from the user overview page as explained above.

  • Lock the user after 3 failed log-in attempts
  • Lock the user after 5 failed log-in attempts
  • Lock the user after 10 failed log-in attempts
     
Enforce Strong Password
 

You can choose to require users of your account to set a very strong password when setting up a new password or changing their current one. This password policy prevents users from using a password that contains their name, email, account name, "CX Social" or other commonly used passwords.


 

 NOTE: If a user is a member of multiple accounts, we'll take the strictest expiry time and the maximum of the old password reuse times.

To learn more about Locations, Devices and Sessions you can read the dedicated Two Factor Authentication support article. 


Advanced 

Allowed IP Addresses

Here you are able to enter a list of IP addresses that can have access to this account via the CX Social Web Application.

 

Security Audit Log

 

All security related events are logged in a Security Audit Log. This is a filterable list of the different security events. This log is similar to the account history page in functionality, but only contains security related events. 

 

Some of the events you will see here include:

 

  • A user asked for a password reset.

 

  • A user changed his/her password. If a user changes his/her password we'll log this. Also, in the Security Audit log you will be able to see how strong his/her new password is. We'll also notify the user by e-mail that his/her password has changed.


 

  • A user logged in successfully.


 

  • A user failed to log in. If a user failed to log in due to wrong credentials, this event will be triggered. We'll also increment the failed login attempts for that user. When the threshold for failed login attempts is reached, that user will be locked. This threshold is configurable, see above.

 

  • A user is locked. A user can be locked because he/she tried to log in with a wrong password too many times, or because an Admin locked the user himself/herself. When this happens, it will show up in the Audit Log. Only the account administrator(s) can (un)lock users. When an Administrator is locked, he/she needs to contact the CX Social support staff to unlock his/her account.

 

  • A user is unlocked. If a user is unlocked, we will log this. The user who unlocked the user will be saved and viewable in the Audit Log as well.

  • A user changed the security settings. Admins of the account are able to change the Security Settings for the entire account. They can decide on the timeframe to change passwords, the reuse of old passwords and the number of times a user can try his/her password for logging in.

 

The security log also contains the IP-address and the type of device you're using (web/mobile).
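The interaction between the failed-login threshold, locking, admin-only unlocking and the audit log, as a small model. This is an added example, not CX Social's code: the class, the event names and the reset of the counter on a successful login are assumptions, and the IP addresses in the usage are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

ALLOWED_THRESHOLDS = (3, 5, 10)  # the three values the lock setting offers

@dataclass
class Account:
    threshold: int = 5
    admins: set = field(default_factory=set)
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)

    def __post_init__(self):
        if self.threshold not in ALLOWED_THRESHOLDS:
            raise ValueError("threshold must be 3, 5 or 10")

    def _log(self, event, user, ip, device, **extra):
        # Every entry carries the IP address and device type (web/mobile).
        self.audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                               "event": event, "user": user, "ip": ip,
                               "device": device, **extra})

    def login(self, user, password_ok, ip, device="web"):
        if user in self.locked:
            # A locked user is refused even with the correct password.
            self._log("login_refused_locked", user, ip, device)
            return False
        if password_ok:
            self.failures[user] = 0  # assumption: success resets the counter
            self._log("login_success", user, ip, device)
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        self._log("login_failed", user, ip, device, attempts=self.failures[user])
        if self.failures[user] >= self.threshold:
            self.locked.add(user)
            self._log("user_locked", user, ip, device, reason="failed_logins")
        return False

    def unlock(self, admin, user, ip, device="web"):
        if admin not in self.admins:
            raise PermissionError("only account administrators can unlock users")
        self.locked.discard(user)
        self.failures[user] = 0
        self._log("user_unlocked", user, ip, device, unlocked_by=admin)
```

For example, `Account(threshold=3, admins={"alice"})` locks "bob" on the third `login("bob", False, "203.0.113.7")`, and the log then shows three `login_failed` entries followed by `user_locked`.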

 

IMPORTANT: We will never save your password in plain text and we will never ask you to provide your password in person/over e-mail. The passwords you use will be hashed with a slow hashing algorithm.

Contact Us

support@engagor.com