What’s new

July 2018 - version 6.2.0

The location information associated with your IP address has been updated to show a country flag 🇬🇧 and the name of your internet service provider (ISP). For those of you who work at large organisations the location shown is often related to the ISP rather than you.

Mobile numbers and security codes are now redacted when an administrator views the audit log.

June 2018 - version 6.1.0

A timezone setting has been added to user accounts so you can see times in the Access interface (such as times of your recent log ins) in your own timezone.

Some people were getting the test and live environments mixed up. A warning is now shown on the log in page for test systems to hopefully reduce confusion.

Some tweaks were made to the security code text messages for compatibility with North American mobile networks.


March 2018 - version 6.0.0

This update is all about security, making it easier for you to keep your account secure and recover from that common modern affliction – forgotten passwords.

Forgot password screen

You can now recover your own password using the Forgot your password? link on the log in page, provided you have added a back-up email or mobile phone number to your account to receive security codes. If you haven’t done this you can still ask an administrator to reset it for you.

We’ve added a help page on ways you can keep your account secure. Check it out for some hopefully helpful advice.

No more forced password changes (maybe)

Security guidance has finally caught up with common sense and heavy-weight bodies such as NIST in the US and the UK Government now advise against periodic enforced password changes. Why? Because making passwords expire means people tend to forget their new passwords, pick simple variations on their previous password, and are more likely to write them down on a sticky note.

Unfortunately some standards such as 21 CFR Part 11 contain requirements to enforce regular password changes, and so we have made this a trial level setting. We’ll be asking customers whether they need to enforce regular password changes when we set up new trials. Customers can also ask us to turn off enforced changes for existing trials.

Watch over your account

Globe

We’ve added a recent log ins section to the My account page which shows where and when you logged in from. If you think something suspicious is going on, this is the first place to check. We also show you the last time you logged in when you log in.

We now send you emails when things change concerning your account including:

  • Changed account information
  • Changed password
  • Account suspension because of too many failed log in attempts

If you see any of these emails when you weren’t expecting them, you should channel your inner Sherlock and investigate.

Other changes and bug fixes

  • Older versions of Access are being retired and user accounts will be migrated to the latest version. We’ll be in touch with customers affected by this change with more details.
  • We’ve refreshed the way Access looks, and reduced the space each trial takes up on the trials summary page
  • Search added to the trials summary page when there are more than 3 trials. Pagination added with 12 trials per page.
  • User’s can now change their own name (an administrator had to do it before)
  • Deleted roles and notification accounts are now shown in the audit log
  • The dictionary used to check for weak passwords has been interfrastically updated
  • Invitation links are now sent to new users rather than passwords. Invitations expire after 2 weeks but can be renewed by administrators or cancelled.
  • Subject entered forms invitation links now always take the user to a welcome screen with a button to start the survey (previously this screen was only shown if a memorable word was set). This prevents issues with email previews or virus checkers visiting links and inadvertently logging in as a subject.
  • A subject who has logged out after entering forms is shown a finished message and no longer shown the usual user log in page if they try to visit a protected page
  • Log in throttling should help prevent bad guys from trying automated password guessing to break into accounts
  • We fixed an issue for users with longer timeout intervals for their trials. Access now also respects these longer timeout intervals so you can enjoy being logged in for longer.
Page updated 26 Jul 2018 13:13