Keeping your system secure

Keeping your system secure

Update Q4/21


We’ve recently added some new features to Refernet which means that the way in which you interact with certain areas of the system has changed.

 

Two-factor authentication

Two-factor authentication is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information.

When this option is enabled by the administrator on your system, all users will be opted-in to this additional login check via a code sent to a mobile device. If a user does not enter a mobile number, then Two-factor authentication will not trigger on login. If a user has entered a mobile number then it will trigger upon login. This functionality works in the same way for Administrator access.

Password strength

Passwords provide the first line of defence against unintentional access to your system and information contained within. The stronger your password, the more protected your system will be from unauthorised access.

We’re making sure that all your users will now start to use strong passwords. This means that passwords – moving forward – will need to be a minimum of 9 characters, contain letters (uppercase and lowercase), numbers and a special character (eg: exclamation point). This means that the use of bruteforce or dictionary based attacks will be severely limited.

Password reset

To reset or change a password, we now require the user to enter their username, and then Refernet will generate an email to the email associated with that username which contains a one-time-use link. This will take the user to a page where they can enter a new strong password. Once the user is validated, Refernet will securely allow the user to create a new password.

New User – Usernames

As Administrator, you will need to personally supply all new users with their Username that you create. You can safely do this via email or telephone. This is to make the process more secure, by keeping usernames and password invitations completely separate.

File upload and checking

File upload is becoming a more and more essential part of Refernet. Any files that fall outside of our checks will be denied upload. Files that are uploaded to Refernet undergo scanning for any potential virus’.

In conjunction with content-type validation, Refernet will validate the file’s signature against the expected file that should be received. This will help Refernet to fend off bogus and malicious files in a way to keep the system and the users safe.

Top page intro wording

Your Agency description copy, on the Refernet top page, is now ‘plain text’ only and will need to be revised. Please login as administrator and go to ‘System’ > ‘System Details’ and edit this under ‘System welcome text’.

We advise you to copy and save your existing wording before the upgrade.

Registered Office
38 Holland Road
Hove
East Sussex
BN3 1JL

Telephone
01273 244099

Email
info@refernet.co.uk

Refernet is a service developed, built, provided and supported by ViccariWheele Ltd