General security policy

The Contactlab platform enables users to create reliable, secure passwords and then store and utilize them properly.
Find below the main policies adopted by Contactlab Marketing Cloud:

– MAXIMUM PASSWORD AGE POLICY

Users can keep a password up to 3 months before they are required to change it.
Starting from 20 days before the password expiration, users are regularly notified to change it.
Similarly, users are notified to change the password in case of no access to the platform for more than 1 month.
If users does not change the password within 1 more month, access is suspended. Then, it can only be reactivated by either Contactlab Customer Care, or someone of the same company with admin permissions.

– MINIMUM PASSWORD LENGTH POLICY

The Password Length must be at least eight alphanumeric characters.

– PASSWORD AUDIT POLICY

The Password Audit policy allows you to track all password change events. By monitoring the modifications that are made it is easier to track potential security problems. This helps to ensure user accountability and provides evidence in the event of a security breach.

– PASSWORD ENCRYPTION

Passwords in the system database are all encrypted.

– PASSWORD RELATED EVENTS LOGGING

All the notifications that remind users when it’s time to change their passwords, notification of the password recover, password reset, etc., are logged and easily retrievable.

ENTERED WRONG USER NAME OR PASSWORD

– PASSWORD RECOVERY

In case of forgotten password, a reset link can be obtained through the email address associated to the user in Contactlab platform. The reset link leads to a Password recovery page where the user can enter a new password. The reset link expire within 24 hours.

If you try to access the platform from another country or from places very far from usual, you will be asked for further verification via PIN or one-time password:

  • The PIN that was sent to by email.
  • The one-time password (OTP) is generated in real-time and sent by SMS to your verified mobile phone.

IMPORTANT:

  • If you enter the wrong numbers from your PIN five times, your account is blocked. If you stop trying after the fourth attempt and wait at least 30 minutes, the counter is reset, and you can try five more times. However, the global counter limits you to a maximum of 15 attempts in total, before the account is blocked.
  • If you enter the wrong OTP 50 times, your account is blocked.
  • Once an account has been blocked, only Contactlab customer care can re-enable it.

The following conditions apply to OTPs by SMS:

  • You can request a maximum of one OTP per minute.
  • Only the last three OTPs are valid.

 

 

Previous page: Getting started, signing in and signing out| Next page: Using your PIN and one-time passwords