This article provides a comprehensive guide on Tivian security measures, focusing on password management, multifactor authentication (MFA), and updated Captcha features for panel websites. It includes information on upcoming changes, best practices, and step-by-step instructions for implementing security features in Tivian DXI – Enterprise Feedback Suite (EFS) installations.
Password Management
Effective password management is crucial for maintaining the security of your Tivian installation. This section covers current password requirements, the importance of increasing password length, and how to manage user passwords.
Current Password Requirements
As of September 2023, the minimum EFS password length for user accounts is 10 characters. Tivian strongly recommends enforcing these minimum standards, especially for privileged accounts.
Importance of Increasing Password Length
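Increasing the minimum password length from 8 to 10 characters significantly enhances security: the security factor, meaning the number of possible passwords an attacker would have to search, grows by 8,836 times. Moving from 8 to 16 characters increases it by 6,095,689,385,410,816 times. These factors equal 94^2 and 94^8, which corresponds to 94 possible characters for each additional position.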
Changing Password Expiry Dates
EFS admin users can change password expiry dates. To do this:
- Go to System – Users
- Search for the user name
- Find the expiry date
- Select the expiry date to adjust it
Forcing User Password Reset
Admins can send a password reset nudge email to users:
- Set the password expiry date
- Click the Mail icon under Actions to send the user a password reset email
Multifactor Authentication (MFA)
Multifactor Authentication adds an extra layer of security to your Tivian installation. This section explains what MFA is, why it’s recommended, and how to implement it for both panel websites and admin accounts.
What is MFA and Why is it Recommended?
Tivian introduced authenticator app-based MFA for Panel websites and Admin users in release 24.1. It is highly recommended to enable MFA for panelists and all EFS admin users. This will be the default setting for all new customers in the next release.
Activating Two-Factor Authentication for Panel Website
To activate two-factor authentication for the panel website:
- Navigate to the Website section
- Select the website you want to configure
- Scroll down to the Login area
- Configure the two-factor authentication
Activating MFA for Administration Account
For instructions on activating MFA for your administration account, refer to the TivAI prompt: “How do I activate multi-factor authentication for my account?”
Compatible Authenticator Apps
Compatible authenticator apps for use with EFS include:
- Google Authenticator
- Microsoft Authenticator
- 2FA Authenticator (2FAS)
- Authy
Captcha
Captcha features help prevent automated attacks on your panel websites. This section covers recent changes to Captcha implementation and how to activate different Captcha options.
Changes to Captcha Features
On panel websites using the Responsive v2 layout, the previous CAPTCHA implementation has been replaced by ALTCHA, a modern, free, open-source alternative. ALTCHA is GDPR compliant, does not use external services, cookies, or fingerprinting, and does not track users.
Activating Google reCAPTCHA v2
To activate Google reCAPTCHA v2:
- Select the option from the drop-down menu “Use CAPTCHA plugin” on the Registration page
- Enter your site key and secret key
- Click Save
FAQ
What changes are coming in the upcoming Tivian 24.2 release?
In the upcoming 24.2 release, Tivian will reset the minimum password lengths to at least 10 characters. If you would like this length to be increased for your installation(s), please raise a support request.
What changes are planned for future Tivian releases?
In future releases, Tivian will enable MFA by default for all administrators.
Can EFS admin users change password expiry dates?
Yes, EFS admin users can change the password expiry date. If your organization has specific time periods or password policies, Tivian support can assist you in implementing these.