Login Credential Transmission and In-platform Security Best Practices
At Awardco, we hold ourselves to the highest standards when it comes to securing and protecting your user data. For details on how we do so, take a look at our SOC 2 article, which explains our certification in the context of you and Awardco. Securing user data in the Awardco platform is a shared effort: we ask that you, as a system administrator, understand and use all of the in-platform security features available to you. In this article, we discuss Awardco's recommendations for distributing login access to platform users and briefly highlight the available in-platform security features.
Distributing Login Credentials
Single Sign-on (SSO)
SSO allows users to authenticate with one set of login credentials across multiple applications and is one of the best ways to keep your users' accounts secure. When employees are expected to use a separate password for each app, they usually don't: most employees reuse the same or similar passwords across accounts, so if one app is breached, the chance of a breach in other corporate systems rises. With SSO, you control the rules a user's password must follow, including its length, character diversity, how often it must be reset, and so on. If SSO is an option for your organization, please use it. If it is not an option now but becomes one later, please contact your Awardco account manager to enable the feature.
Activation Link Sent via Email
With Awardco, you can send welcome emails to your users when your platform is rolled out and to new users throughout the life of your account. Each welcome email can include an activation link that takes the recipient directly into their Awardco platform account. After SSO, this is the next best way to securely distribute login credentials. To enable this option, please discuss activation links with your Awardco point of contact.
Printed Login Instructions
Where neither SSO nor activation links are available, you may need to generate login credentials and print them for distribution in deliverable packets. Wherever possible, distribute login credentials digitally instead. If printed credentials are the option you are examining with your Awardco point of contact, be sure to ask about password generation best practices and follow the contact's guidance.
In-platform Security Features
The following features are found in the Password sub-tab of the Settings tab in the Admin section of your Awardco account. We recommend using each of them to better secure your users' data.
Change Password on First Login
This feature requires your employees to change their password the first time they log in to their Awardco account. It is highly recommended for all platforms not using SSO. Employees who never change an assigned password often keep the printed login sheet, with the still-valid credentials, near their workstation. Requiring a password change on first login prevents this dangerous practice and protects both the employee and you. It also makes ongoing access easier, since the employee is using a password they chose and can remember.
Minimum Password Length
The length of a password is a better indicator of password security than its randomness and character diversity. Awardco recommends setting your minimum password length to 12-15 characters and having your employees choose a phrase they will always remember, for example "starburstsarethebest". This phrase is easy to remember and very secure.
Lock Account
The lock account feature requires the user to contact our Support team to reset their login credentials after the system logs a certain number of failed login attempts. This feature is always enabled and defaults to 5 failed attempts. As an administrator, you can set the threshold anywhere between 3 and 10 failed login attempts.
This setting limits how long a user's session stays active while the user is idle. For example, if it is set to ten minutes, a user who has been inactive for ten minutes is automatically logged out and must reauthenticate.
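As an added illustration (not Awardco code), the following model shows how the three controls above interact: a minimum password length of 12, a lock-account threshold that must fall in the admin-selectable 3 to 10 range (default 5), and an inactivity logout. The login events are constructed sample data; the class and function names are assumptions.

```python
"""Constructed model of the password-tab controls; not Awardco's implementation."""
from dataclasses import dataclass


@dataclass
class AccountSecurityPolicy:
    lockout_threshold: int = 5        # article: default 5, admin may pick 3..10
    min_password_length: int = 12     # article: recommended minimum 12-15
    inactivity_timeout_min: int = 10  # minutes idle before forced logout

    def __post_init__(self):
        # Reject settings outside what the platform lets an admin choose.
        if not 3 <= self.lockout_threshold <= 10:
            raise ValueError("lockout threshold must be between 3 and 10")
        if self.min_password_length < 12:
            raise ValueError("minimum length below the recommended 12")

    def password_acceptable(self, password: str) -> bool:
        # Length is the gate; a memorable lowercase passphrase passes.
        return len(password) >= self.min_password_length


def evaluate_login_events(policy, events):
    """Walk (minute, user, event) tuples in time order; event is 'fail',
    'success' or 'activity'. Returns (locked users, inactivity-expired users)."""
    failures, last_seen, locked, expired = {}, {}, set(), set()
    for minute, user, event in events:
        if user in locked:
            continue  # locked accounts need Support to reset credentials
        if user in last_seen and minute - last_seen[user] >= policy.inactivity_timeout_min:
            expired.add(user)  # idle too long: session ended, must reauthenticate
            del last_seen[user]
        if event == "fail":
            failures[user] = failures.get(user, 0) + 1
            if failures[user] >= policy.lockout_threshold:
                locked.add(user)
        elif event == "success":
            failures[user] = 0  # a good login clears the failure counter
            last_seen[user] = minute
        elif event == "activity" and user in last_seen:
            last_seen[user] = minute
    return locked, expired


# Constructed sample: ana logs in then goes idle, bob fails five times, cara recovers.
SAMPLE_EVENTS = [(0, "ana", "success"), (5, "ana", "activity"), (20, "ana", "activity"),
                 (1, "bob", "fail"), (2, "bob", "fail"), (3, "bob", "fail"),
                 (4, "bob", "fail"), (6, "bob", "fail"),
                 (7, "cara", "fail"), (8, "cara", "fail"), (9, "cara", "success")]
```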
If you feel this article left your questions unanswered, please contact your account manager so we can better assist you.