Practice Protect – Recommended Security Settings
During your onboarding journey with Practice Protect, our Product Engineers create your custom Practice Protect Portal. All portals are built and configured to include the recommended security settings below.
1. Multifactor Authentication setup (OTP, Text/SMS)
MFA is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login. MFA is an essential component of a strong identity and access management (IAM) policy. Rather than only requiring a username and password to log in, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber-attack. Practice Protect uses Authenticator Applications (OTP) or SMS.
2. National or Specific Country Geo-locking
Geo-locking is the process of limiting user access (to Practice Protect and thereby company and client applications and data) based on the user's physical location. Geo-locking restricts the user's access to Practice Protect to a specific country, e.g. Australia or the Philippines.
3. IP Blocking
IP address blocking is a configuration of a network service that blocks requests from hosts trying to access Practice Protect from unauthorised IP addresses. IP address blocking is commonly used to protect against brute force attacks and to prevent access by a disruptive address. With this, users can only access Practice Protect via a specific static IP address (or range) that is whitelisted in the platform.
4. Mandatory Password Reset
Mandatory Password Reset is a policy that invalidates the user's current password for the Practice Protect Account every 90 days and prompts the user to create a new password with special requirements.
5. Session Timeout
Session timeout determines how long a device may remain authenticated before authentication must be performed again. The default for Practice Protect is 10 hours regardless of user activity. Once the session timeout occurs, the next time the user attempts to launch an application from the portal, they are returned to the login page to log in again using MFA.
6. Limited login attempts
This function tracks user login attempts and, after 5 failed login attempts, locks the Practice Protect account. This prevents hackers or automated bots from using brute force attacks. The account can be unlocked in the admin portal of Practice Protect.