Recollective includes a number of important security capabilities. Please contact us if you would like to receive a comprehensive review of Recollective's security- and privacy-related features.
A number of security features can be controlled by site administrators. The two most basic considerations relate to users' passwords.
We recommend the following best practices:
- Have participants choose their own passwords or at least force them to change the password provided upon their first visit.
- Never include passwords in email, as emails are sent in plain text and will persist in the participant's inbox for quite some time.
Advanced Security Options
The following security options are also configurable for a site in the Site Administration area under Settings: Account Settings. Due to usability concerns, we don't recommend enabling all security options at once.
- Enforce use of two-factor authentication (by role)
- Enforce greater password complexity
- Block re-use of past passwords
- Reduce the idle time required before a session expires
- Disable use of Remember Me on login
- Lock accounts after fewer failed login attempts
- Notify multiple administrators when accounts get locked
- Disable automatic login on emailed broadcasts