Social Solutions is aware that many employees work from home or in the field. This may mean that these users access ETO from private or public networks. ETO offers a range of security protocols that organizations may implement to best secure access to ETO.
Expand password securities and enforce mandatory password update periods.
- We recommend that ETO passwords be a minimum length of 6, maximum length of 15, include 1 numeric, and include 1 alphanumeric character.
- We recommend mandating new passwords every 30-90 days. This is contingent on your organizations practices.
Reduce the idle timeout period for users.
- We recommend setting the idle timeout to 60 minutes
- Note: Idle time is anytime that a user is not actively changing pages in ETO or submitting forms.
Limit the number of failed login attempts.
- We recommend setting failed login attempts to 3. Once that amount has been reached, the account will be locked and can only be unlocked by a Site or Enterprise Manager.
Limit users from logging on based on an IP address range. This range is inclusive so only addresses between those listed will be able to log in to the software.
- This practice is best used with a VPN. Restrict login to the IP range of your organizations VPN so that only users accessing the VPN can login to ETO.
Multi-Factor Authentication (MFA)
- This is an added feature that can be discussed with your account manager (firstname.lastname@example.org)
- This feature requires users to verify their login with a unique code sent to their mobile device. The verification can be set to be required on every login, or after a specified number of days since the last verification.