Here is a summary of the security standards we have implemented. All these platforms are part of the Best Practices that are required by ISO and OWASP standards.
- Support for Multi-Factor Authentication
  - Two Factor Authentication
  - Google Authenticator
  - Microsoft Authenticator
  - Email Two Factor Authentication
- Identity 4.0 for LinkSOFT has the following features:
  - Account lockout after X attempts, with a time lapse before retry is enabled
  - Passwords stored as irreversible encryption with a unique system-generated salt for each user
  - Password complexity policy with:
    - Question and Answer
    - Minimum Length
    - Non-alphanumeric characters
  - Forms-based authentication inside the LinkSOFT application, allowing users to create "Roles" and allocate "users" to Roles. Roles can then be allocated "form" access
  - Users can be deleted at any time
  - User accounts can be disabled temporarily
Please note that Link Technologies provides the tools and features for users to enable on their web server. It is the client's responsibility to ensure that they implement these features. For example, if a client decides to use a simple password with no multi-factor authentication, the risk to the site can be quite high. Alternatively, clients can choose complex passwords with multi-factor authentication to prevent unauthorised access.
Link Technologies recommends that all clients implement the following:
- Apply a 256-bit SSL Certificate with a minimum key length of 2048 bits to their published site
- Implement a password complexity policy and update the published site with the appropriate policy
- By default, Email "Two Factor" is enforced. Users need to register and opt into OTP or Authenticator App
- System Audit and Audit Logs are maintained by the system, including user activity. System administrators can receive regular alerts showing user activity
- User access maintenance should be reviewed regularly
- Use router policies to restrict access to authorised regions
- Use complex API keys and change them regularly