This article will address various security measures that workspace admin users can change according to their preference.
There are various security features that the administrators have access to in their workspaces. This article will discuss them and their use.
Login links are unique to each participant and are used to identify the user in the workspace. It is, therefore, important that those links don't get into the wrong hands.
You will find the following settings under the main menu > Workspace settings > Security.
This option gives you the power to choose the length of the login link that is sent to the users. The short link is already secure, but if you have something sensitive in your workspace, we recommend the longer links. The longer the link more secure it gets, because a longer link is harder for outsiders to crack.
Here you can choose whether to allow a login link to be used an unlimited amount of times or to restrict its use to a certain amount of uses. The most secure setting is to allow links only to be used once.
With this setting, there is minimal risk of the link being used by someone else as after the participant has entered the workspace once, the link will be useless. When trying to use the link a second time, the participant will get a new working link to their email and be able to access the workspace with that, but an intruder cannot get access to the new link, since they won't have access to the participant's email.
This option allows you to choose how long it takes for a login link to expire. You can choose to have links expire in 1 month, one week, or in 1 day (24h). After a login link has expired, the user will end up on an error page that will prompt them to order a new login link to their email. The new link is then active the same length of time.
Due to security reasons, it is not possible to have the login link permanently active.
This setting allows you to set a two-factor authentication feature to the workspace. This way, the entry will be validated every time the user (both participant and admin) tries to enter the workspace.
Users that try to enter the workspace with an unknown or new device will be required to enter a PIN code that is sent to their email, even if the setting wasn't active. This extra measure is done just for added protection.
Decide whether the users will remain logged in and "remembered" even after they've closed their browser. If set to "forget" users will be automatically logged out when they close the browser, and next time they are opening the workspace it will be as if it was a new device.