Here at Bronto, we have built many security settings into our application to help ensure that your data, and your customers' data, remains safe. In this post, I'll go over what those security settings are and what you can do to ensure that your data is as secure as possible.
If you go to Home->Settings->Security, you can configure various security settings around logging into the application. Each setting is described below:
- Accounts that go a long time without a login are a security risk. You can automatically force users to reset their password if they haven't logged in (i.e. have been inactive) for a given period of time.
- You can set the limit for failed login attempts. If a user reaches this limit, their account will be locked and can only be unlocked by an account administrator.
- When a user reaches the maximum number of invalid login attempts specified above, they will be locked out of their account. You can set the duration of the lockout, ranging from a few minutes to a permanent lockout.
- You can choose to allow API access and user logins from unknown IPs. This is an override for the IP address ranges you specify in the network settings. See Network Access below for more information.
In the event that one of your users' passwords is compromised, we have built in the following security measures:
- You can set an expiration date for passwords. This ensures that passwords remain a moving target for any would-be attacker, since each password will expire after a set period of time.
- You can set the length and complexity of passwords. Generally, the longer and more complex (containing numbers and symbols) a password is, the less likely a would-be attacker is to acquire it.
- To prevent users from rotating through only a few passwords each time they are asked to reset their password, you can enforce a password history. This ensures that any single password cannot be reused by a user for a certain period of time.
With the session security settings, you can add further protections around a session (i.e. the period during which a user is logged in to an account).
- You can require a secure login session using SSL.
- You can set how long a session can remain inactive before it times out and logs the user out.
- You can lock sessions to the IP address from which they originated. This setting helps to prevent session hijacking attacks.
If you go to Home->Settings->Network Access, you can define a set of network IP addresses or IP address ranges from which your users can log in to the application. Users attempting to access your account from an unauthorized IP will be rejected and will be unable to access the account. Depending on your needs, you can configure settings that allow your users to log in to the application (and/or the API) from IP addresses that are not part of the ranges specified on the Network Access page. These are the network range overrides mentioned in the Login Security section above.
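To make the login security settings above (inactivity reset, failed-attempt limit, lockout duration, unknown-IP overrides) and the Network Access ranges concrete, here is an added example of how such a policy can be evaluated. This is illustrative code written for this post, not Bronto's implementation; the policy values, the `LoginPolicy`/`UserState` names and the outcome strings are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class LoginPolicy:
    # Constructed defaults; real values come from Home->Settings->Security.
    max_failed_attempts: int = 3
    lockout_duration: Optional[timedelta] = timedelta(minutes=15)  # None = permanent
    inactivity_limit: timedelta = timedelta(days=90)  # force a password reset after this
    allowed_networks: list = field(default_factory=list)  # Network Access ranges (CIDR)
    allow_unknown_ip_login: bool = False  # override: user logins from unknown IPs
    allow_unknown_ip_api: bool = False    # override: API access from unknown IPs

@dataclass
class UserState:
    failed_attempts: int = 0
    locked_at: Optional[datetime] = None
    last_login: Optional[datetime] = None

def ip_permitted(policy: LoginPolicy, ip: str, is_api: bool) -> bool:
    """Allow if the source IP is inside a configured range, else fall back to the override."""
    addr = ip_address(ip)
    if any(addr in ip_network(net) for net in policy.allowed_networks):
        return True
    return policy.allow_unknown_ip_api if is_api else policy.allow_unknown_ip_login

def attempt_login(policy: LoginPolicy, user: UserState, ip: str,
                  password_ok: bool, now: datetime, is_api: bool = False) -> str:
    """Evaluate one login attempt; returns an outcome string and updates the user state."""
    if not ip_permitted(policy, ip, is_api):
        return "ip_rejected"                 # unauthorized IP, no override applies
    if user.locked_at is not None:
        if policy.lockout_duration is None or now - user.locked_at < policy.lockout_duration:
            return "locked"                  # permanent lockouts need an administrator
        user.locked_at, user.failed_attempts = None, 0   # timed lockout has expired
    if not password_ok:
        user.failed_attempts += 1
        if user.failed_attempts >= policy.max_failed_attempts:
            user.locked_at = now             # limit reached: lock the account
            return "locked"
        return "bad_password"
    if user.last_login is not None and now - user.last_login > policy.inactivity_limit:
        user.failed_attempts = 0
        return "password_reset_required"     # inactive too long: force a reset
    user.failed_attempts, user.last_login = 0, now
    return "ok"
```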
User Level Security
At the individual user level, you can set per-user permissions that grant access to as much, or as little, functionality as you wish. In addition to the user management benefits, these permissions add a further level of security by limiting what any one user has access to. You can also lock an individual user and prevent them from logging in.

Bronto's application-level security settings are just one part of a company-wide security initiative. If you have any additional questions or concerns about the application security settings, please leave them in the comments section below.
Technical Writer/eLearning Specialist
Editor of Brontoversity