Security

This page explains the various security features of the Access log in system and how you can help keep your account secure.

Recommendations

1. Choose a strong password that you do not use elsewhere.

Passwords must be at least 8 characters long and sufficiently complex to be labelled at least Acceptable strength by the password strength indicator. Some complex passwords are suggested above the new password box.

Tip: two or three word phrases are generally stronger than single word passwords especially if one or more of the words is not in the dictionary. Create non-dictionary words by adding digits or punctuation.

2. Use a password manager

Password managers

A password manager helps you create and store secure passwords for all your online accounts. Many integrate with your web browser to make filling in password fields easy. Even if you are using a work PC on which you can’t install password manager software, you can still use a mobile app on your phone to help you create and remember passwords. Popular password managers include 1Password, LastPass and Dashlane.

3. Add a backup-email or mobile phone number

By adding a backup-email or mobile phone number to your Sealed Envelope account you will be able to use the self-service password reset feature if you ever forget your password. If you don’t, you will need to contact an administrator to reset your password instead.

Reset password email

We will send you an email notification if any of the following occur:

  • The reset password feature is used for your account email address. This will contain instructions on how to reset your password.
  • Your password is changed. Only you can change your password so if you receive this email unexpectedly you should report it to a trial administrator or Sealed Envelope for investigation.
  • Your account details such as name or email address are changed. You can do this on the My account page or an administrator can make these changes for you. The notification will be sent to both your old and new email addresses (if applicable). If you are not sure why the changes have been made you should contact a trial administrator.
  • Your account has been suspended because too many log in attempts have been made. If you receive this email unexpectedly it may be a sign that someone is trying to break into your account by guessing your password. If you think this may be the case please contact a trial administrator or Sealed Envelope for investigation.

5. Check your recent log ins

You should check your recent log ins on the My account page regularly and report any suspicious activity from unknown locations or web browsers.

About enforced password resets

In the past it has been generally considered good practice to regularly change passwords and this has fed through to regulations (such as 21 CFR Part 11) and corporate policies. However, it is increasingly recognised that this practice might be counter productive and several influential bodies including NIST and the UK Government now advise against periodic enforced password changes.

Sealed Envelope support enforced password reset intervals at the trial level but by default this setting will be off. We recommend it is not used unless your trial has to comply with 21 CFR Part 11 or your own corporate policies. Trial administrators should contact Sealed Envelope if they require a password reset interval to be set.

Page updated 24 Mar 2018