Author Topic: Better Security  (Read 34 times)

Annette

  • Global Moderator
Better Security
« on: September 24, 2020, 12:45:18 PM »
When a commander or secretary sets up a database user account for a leader, it is common to assign a generic password for the leader to use to get started. However, it also seems common that the leader never changes that password.  This can be a problem, especially if the same generic password is given to everyone starting out. Here are a couple of tips for increasing the security for access to your data:

1. When initially setting up user accounts, do NOT use the same password for everyone! Create a unique password for each person. You will still want it to be relatively easy to get them started, but don't use the same pattern for everyone (like First Name followed by 123). Get creative and use books of the Bible or colors or flowers in combination with unique characters or numbers. It can be simple to remember without being predictable or the same for everyone.

2. Remind users that once they log in with the password they are given, they should change that password. In the Windows App (AWdbRemote.exe), this can be done by clicking on Tools and selecting "Change Password". In the Web App (app.approvedworkman.com), this can be done by clicking on the User Name in the upper right to access the dropdown menu, then selecting "My Account" and checking the box next to "Update password".

3. If a user forgets a password, an administrator can change the password (following the recommendations above) and tell the user the new password.  In this situation also, the user should be encouraged to change the password once they log in.

4. When creating user accounts, we highly recommend NOT using generic logins (like "Sparks 1" and "Sparks 2"). Each person that uses the database should have a unique login. While the generic accounts may seem efficient, they do not protect the personal data in your database well. They also have the potential for a second person to log in with the same account, causing the first person to be logged out. You may have as many user accounts as needed. The subscription level only limits the number of users that can be logged in at the same time.

5. At this time, the Windows App does not have varying permission levels other than "Admin" and "User" (limits access to certain Admin functions, but allows access to all data). The Web App does have a full range of functionality related to permissions.  We recommend that new user accounts be set up using the Web App. Become familiar with the permission options (see this article on our Web App support page: https://lefflersystems.freshdesk.com/support/solutions/articles/16000055124-how-to-use-db-user-permissions) and use them to restrict/allow access as needed.

Your Awana families trust you with their personal information.  Please be diligent in honoring that trust by adequately controlling access to your database including maintaining appropriate user accounts and permissions as well as enforcing password security.
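
The checks in tips 1 and 4, as an added example that is not part of the original post and not Approved Workman code: it flags shared initial passwords, the "first name followed by digits" pattern and generic numbered logins in an administrator's setup roster, and generates a unique starting password for each person. The roster format, the word list and the function names are assumptions made for illustration, and the random selection goes slightly beyond the tip by leaving the choice of words to a secure random generator.

```python
import re
import secrets
from collections import Counter

# Constructed word list (assumption): books, colors, flowers, per tip 1.
# Use a much longer list in practice; 16 words keeps the example short.
WORDS = ["Genesis", "Exodus", "Ruth", "Psalms", "Daniel", "Jonah", "Mark", "Acts",
         "Crimson", "Indigo", "Amber", "Teal", "Tulip", "Daisy", "Orchid", "Lilac"]
SYMBOLS = "!@#$%&*"

def generate_initial_password(n_words=4):
    """Pick words, a symbol and two digits with a CSPRNG, not by a human pattern."""
    words = "-".join(secrets.choice(WORDS) for _ in range(n_words))
    return f"{words}{secrets.choice(SYMBOLS)}{secrets.randbelow(100):02d}"

def audit_roster(roster):
    """roster: list of (login, first_name, initial_password) tuples.
    Returns {login: [findings]} for accounts that break tips 1 or 4."""
    shared = Counter(pw.lower() for _, _, pw in roster)
    findings = {}
    for login, first_name, pw in roster:
        issues = []
        if shared[pw.lower()] > 1:
            issues.append("initial password shared with another account")
        if re.fullmatch(re.escape(first_name) + r"\d+", pw, re.IGNORECASE):
            issues.append("password is first name followed by digits")
        if re.fullmatch(r".+\s\d+", login):
            issues.append("generic numbered login")
        if issues:
            findings[login] = issues
    return findings

# Constructed sample roster; names and passwords are invented.
SAMPLE = [
    ("Sparks 1", "Pat", "Welcome1"),
    ("Sparks 2", "Lee", "Welcome1"),
    ("jsmith", "John", "John123"),
    ("mgarcia", "Maria", generate_initial_password()),
]

if __name__ == "__main__":
    for login, issues in audit_roster(SAMPLE).items():
        print(f"{login}: {'; '.join(issues)}")
```

The generated value is only a starting password; the user should still change it after the first login, as tip 2 says.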