We have posted about the inherent dangers of storing information online in the past, and the methods you might use to make the most of our software’s built-in security standards, such as choosing a unique password and avoiding writing passwords down. Since then, the slow economy has not slowed the growing attempts at identity theft, and Tazworks, our software partner, has kept security a fundamental priority by making a few upgrades to help tighten the screws on the deadbolts protecting our applicants’ personal information.
Along with existing password-controlled access for all users and optional IP restrictions, we’ve added an additional user restriction called Multi-Factor Authentication. This restriction is most powerful against those looking to gain access to your information by stealing your password, whether it’s through malware, social engineering, or simply looking around your desk for a Post-It with your password. Multi-Factor Authentication works by requiring you to provide a text message-enabled cell phone number or e-mail address. Then, when you sign into a new computer or a new browser, an authentication code is text-messaged or e-mailed to the account on file. You can have up to five browsers or computers authorized at any one time, but you will be required to re-authorize them again every 30 days. It may seem like a hassle to have to check your phone and type in a weird authentication code every time you want to use a new computer, but this feature is smart security when it comes to protecting your assets. By using MFA, we are requiring you, or anyone pretending to be you, to pass through two separate security gateways, the first being something that you know (your username and password); the second is something you have, which in this case would be your cell phone, or access to your e-mail account. The text message-enabled cell phone is obviously the more secure of the two options, as it is a physical item that can’t be obtained by an Internet thief.
In case you forget your password, we have added the option to reset it by answering two of three security questions that you have selected. When you set your security questions, make sure to choose questions and answers that you can remember, but that truly only you will know. Do your due diligence in keeping your password secure, educating your users on the importance and sensitivity of the information we are guarding on your behalf, and protecting your login session. We do the very best that we can to protect you and your applicants, but as a vigilant user, you must be the final safeguard.