Recommended Privacy & Security Settings

CMNTY Platform is a diverse tool and can therefore be used in several ways to achieve different goals. Although you are free to choose and combine various functionalities to meet the purpose of your community, we would like to provide you with a couple of guidelines that will help you determine a combination of functionalities and tools that will allow for the most valid approach to data acquisition.

Privacy

In terms of privacy, you can set profile field permissions to hide/show user information based on the viewer’s user role, and manage a user’s ability to do things like update their email, sign off, and opt out of newsletters. Below are some recommended settings:

  1. Go to the Admin section of your platform.
  2. Choose Configure at the top menu.
  3. Choose Users at the left menu.

At User profiles, we recommend you to:

  • Allow members to change their email.
  • Allow members to sign off of the platform.
  • Allow members to opt out of the newsletter.

At Profile fields we recommend you to:

  • Configure profile fields (where to display them and whether or not they are required.
  • You can set profile field visibility to OFF so that only Community Managers can see them and members won’t.

At Profile Field Permissions we recommend you to:

  • Configure which users can see specific profile information based on the viewer’s user role.
  1. Go to the Configure page at the top menu.
  2. Choose Default messages at the left menu.

At Terms & Conditions we recommend you to:

  • Use platform Terms & Conditions to inform members about security settings and the use of cookies.

Security

In terms of security, you can enforce authorization security and guard against brute force attacks, create a password policy to ensure secure passwords, and set rules to govern user sessions. Below are some recommended settings:

  1. Go to the Configure page at the top menu.
  2. Scroll down in the left menu and click Security.

At Authorization Security we recommend you to:

  • Set the Login Attempts Allowed to 3 times (default).
  • Set the Login Lockdown Time to 15 minutes(default).

At Password Policy we recommend you to:

  • Set the Password Expiration to 90 days (default).
  • Set the Minimum Password Length to 10 characters (default, but we would actually recommend a length of 16+).
  • Set the Prevent Password Reuse to 3 times previous iterations (default).
  • Require: Uppercase, Lowercase, Number, and Non-Alphanumeric (default).

At Session Security we recommend you to:

  • Set the Session Duration to 2 hours (default). You could improve security by lowering this number, but then you may create a slightly more frustrating user experience by forcing people to continually log in.

These guidelines are also compatible with the conditions set by ISO regarding Market, opinion and social research (ISO 20252) and Access panels in market, opinion and social research (ISO 26362).

Was this article helpful?

Related Articles