This release is all about security: a handful of new features to give you more oversight on log in attempts and password resets, plus additional work to inhibit brute force attacks. It's really important that we keep your data safe - doing so underpins everything that we do - and these new additions strengthen Citizen Space security further.
Whether you're in or out of the EU, data protection is unlikely to have passed you by. Related to this, we've made an optional change to IP address collection. You can read more details about all of this below, and please drop your account manager a line if you have any questions.
Following on from the customisable password policy last release, we've built the option to further configure your log in security settings. You can find out more about all of these in this article.
Automatic log in back-off
Automatic back-off puts a configurable delay between consecutive log in attempts, meaning that if someone is trying to log in multiple times then we can set a time delay between each further attempt. It's a good way to prevent brute force attacks on your site.
If you'd like this enabled then you can tell us how many log in attempts people are allowed to have before the back-off starts being applied, and then how long in minutes they'd have to wait between each further attempt.
Security email notifications
We've built some additional notifications into Citizen Space to let users know when security events occur on their account. These are optional emails, but if enabled will notify users when:
The log in back-off has been triggered for their account
Their password or email address has been changed
Should other people in your organisation need oversight on these events across the site, too, we can add additional recipients so they will receive these emails as well as the account holder.
Password last changed date on Users export
You'll now have the date every admin user last changed their password in a new column on your Users export. If you have a policy around how often your users should be changing passwords then this will allow you to check that and take action.
Ability to turn off IP address collection
We've built a new option which will allow us to turn off the collection of IP addresses for your future consultations, this means IP addresses would no longer form part of your consultation data.
Currently, Citizen Space collects IP addresses for every consultation and you can see these in your data exports; they're often used by organisations when investigating potential duplicate responses. Under the new EU data protection regulations, IP addresses are classed as personal information and we've been asked by a number of customers whether we can turn this collection off. If you wish to have IP address collection disabled for your consultations from now on, please email us via firstname.lastname@example.org and we will do this for you. More details can be found in this article.