Settings: Account Settings

In the Site Administration area, under Settings, you will find an Account Settings sub-section. It will allow you to configure important defaults for all accounts and essential security settings.

Account Fields

Each Panelist can edit their profile via their personal Account Settings page. This section allows you to remove the editing rights of Panelists on some of their basic profile fields:

  • First name
  • Last name
  • Email address
  • Profile photo
  • Username
  • Password
Blocking update capabilities on passwords is not recommended and it does not prevent the user from performing a full reset of their account password if they get locked out.

Password Rules

The rules that define an acceptable password can be customized. The following options are available:

  • Require a minimum length of password (e.g. 6 characters)
  • Make passwords case sensitive
  • Require at least one uppercase (A-Z) and one lowercase letter (a-z)
  • Require at least one digit (0-9)
  • Require at least one symbol (!@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
  • Force passwords to be changed periodically (password expiry)

If periodic password expiry is enabled, various additional options become available:

  • Number of days before password expiry to send a warning email that a new password must be soon be selected
  • Number of days after password expiry that the current password can be used a final time to enter (the user will be immediately prompted to select a new password)
  • Period of time before previous account passwords can be re-used (e.g. 12 months)

Two-Factor Authentication

Learn about Two-Factor Authentication (2FA).

The settings on this page allows enforcement of two-factor authentication for entire user roles (e.g. all Analysts, Moderators, Clients or Participants). 

Once a role has been enabled, all users in that role without two-factor authentication enabled will be forced to set it up. The user will not be able to enter the site until their two-factor authentication configuration has been verified.

It is possible to manage enforcement at the account-level instead of the role-level. It is also possible to override the role-level enforcement for an individual thus allowing temporary exemptions as needed.

Session Duration

Once a user is authenticated (i.e. after a successful login), they have a "session" which is logged as a visit on their profile.

This section allows you to define how quickly these sessions will expire after a period of inactivity in the web browser (e.g. 90 minutes).

When a session is about to expire due to inactivity, they will receive a warning along with a 60-second countdown. They can choose to continue their session, logout or let their session expires.

Once a session expires, the user will be taken to a "Session Expired" page. If the user wishes to start a new session, they need only press "OK". If the automatic login feature is enabled, as described below, the user typically does not need to go through the login process again. If not, the user will be prompted to login. In either case, the user is returned to the page that was being visited prior to their session expiring.

Session duration can be set uniquely for Panelists and Administrators (i.e. Analysts, Moderators and Clients).

Automatic Login

Sites administrators can choose to enable or disable use of the Remember Me function on the login form. It is a way of signalling that the current device is trusted. This is an option that makes it easier to return to the site with the same web browser on the same device over a period of days without needing to repeatedly login.

The number of days that the account holder will be remembered can also be set uniquely for Participants and Administrators. Set a value to zero if you wish to disable it for just one type of user. To disable this feature entirely, place the primary switch in the off position.

Account Security

Brute force attacks are a way of gaining unauthorized access by attempting multiple common passwords on a single account. Such attacks can be prevented by locking accounts after a certain number of failed login attempts. 

This section allows you to define the threshold for an account lockout and the duration of a lockout. You can also select one or more administrators to be notified when an account gets locked.

Once an account is locked, it can be unlocked by the affected user by performing a password reset. Analysts can also unlock an account on the Edit Panelist or Edit Admin page of the affected user.

Social Site Integration

Recollective integrates directly with popular online social sites to streamline the user registration and user authentication flow. Usability is improved by ensuring participants don't need to remember yet another account password.

Use this section to enable integration with one or more of the available services:

  • Google
  • Facebook
  • LinkedIn

Once enabled, these services will appear on the login and registration forms of the site. They will also appear on the personal Account Settings page to allow existing Panelists to link their account to one or more of the enabled services. Linked profiles can be shared in-Study via the Privacy section of Study Settings.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.