Two-factor authentication and password security

IdSurvey allows various levels of security to be set for users using the platform.
Options can be activated and configured on a user-by-user basis, allowing for differentiated security settings depending on each individual’s level of permissions.

Password minimum requirements
The IdSurvey login password has the following requirements:

  • Minimum length 8 characters
  • At least one lowercase letter
  • At least one uppercase letter
  • At least one number
  • At least one special character (asterisk, question mark, at sign, etc…)

These requirements cannot be changed and are common to all users.
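The following is an added example, not IdSurvey code: a small Python check that reports which of the requirements listed above a candidate password fails, for instance when preparing credentials before creating accounts. The page names only a few special characters, so treating all ASCII punctuation as "special" is an assumption, as are the function names and the constructed sample accounts.

```python
import string

# Requirements as listed on this page. The page names only a few special
# characters ("asterisk, question mark, at sign, etc."), so counting every
# ASCII punctuation character as "special" is an assumption.
SPECIAL_CHARS = set(string.punctuation)
MIN_LENGTH = 8

RULES = [
    ("minimum length 8 characters", lambda p: len(p) >= MIN_LENGTH),
    ("at least one lowercase letter", lambda p: any(c.islower() for c in p)),
    ("at least one uppercase letter", lambda p: any(c.isupper() for c in p)),
    ("at least one number", lambda p: any(c.isdigit() for c in p)),
    ("at least one special character",
     lambda p: any(c in SPECIAL_CHARS for c in p)),
]


def unmet_requirements(password):
    """Return the label of every listed requirement the password fails."""
    return [label for label, check in RULES if not check(password)]


def audit(candidates):
    """Map account name -> unmet requirements, omitting compliant accounts."""
    report = {}
    for account, password in candidates.items():
        missing = unmet_requirements(password)
        if missing:
            report[account] = missing
    return report


# Constructed sample data (hypothetical accounts and passwords).
SAMPLE = {
    "interviewer01": "Summer2024",   # no special character
    "supervisor02": "tr0ub4dor&3",   # no uppercase letter
    "admin03": "Qx7*pLm2?w",         # meets every requirement
    "guest04": "Ab1*",               # too short
}

if __name__ == "__main__":
    for account, missing in audit(SAMPLE).items():
        print(f"{account}: {', '.join(missing)}")
```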

Password security options

Administrators can change the security options for their own profile or for any other user. All security options are optional and can be enabled at the discretion of the administrator and according to their organization’s policies. Non-administrator users can change their passwords; however, they can neither enable nor disable the security settings chosen for them by administrators.
To enable and set security options, log in as an administrator, click on the circle icon bearing your initials in the upper right-hand corner of the IdSurvey main menu, and click on the “User Management” option.

From the list of users, choose one and click on the pencil icon.
All security-related settings can be found on the left side of the user editing page.

Password expiration
When the Password Expiration option is enabled and the desired number of validity days is set, the user will have to change their IdSurvey access password each time it expires.

Limit attempts
This additional type of security allows the user to set a maximum number of login attempts. If the user enters an incorrect password too many times while trying to log in, the account will be locked for 5 minutes.

2-factor authentication
When this option is enabled, a temporary code (OTP) is required each time a user logs in to verify the user’s identity, in addition to the username and password credentials.
It is not necessary for the administrator to specify an email address. The user provides the email address and verifies it through the wizard that is presented at the next login.

Email verification
When the user first logs in after 2-factor authentication has been activated, they will be prompted to enter their credentials as usual, then the system will offer the wizard to add and verify their email address. After completing the verification process, the user will be able to continue with the login by confirming the temporary code.

Login with 2-factor authentication
Users with 2-factor authentication enabled and a verified email address will be able to log in by entering their credentials and, on the next screen, typing in the six-digit code received via email.
The user can check “Store this device” to log in faster on subsequent logins. When this option is selected, the device browser is trusted for 2 to 3 weeks, and during this period the system will not ask for the verification code at each login.
