Tivian Security Reminder FAQ
The Tivian IT Security Team has prepared this document to remind you of key security measures for your Tivian DXI - Enterprise Feedback Suite installations. It focuses on:
Password Management
Multifactor Authentication (MFA or 2FA)
Updated Captcha for Panel Websites
Online security is a collective responsibility. Together, we can reduce the likelihood of your Tivian installation becoming a target for malicious activity.
What should I do if I have questions after reading this document?
If you have any questions, please reach out to your Tivian contact. Alternatively, visit the TivAI support resource at tivian.com/tivai.html for detailed “How To” guides.
What changes are coming in the upcoming Tivian 24.2 release?
In the upcoming 24.2 release, Tivian will reset the minimum password lengths to at least 10 characters. If you would like this length to be increased for your installation(s), please raise a support request at www.support-tivian.com.
What changes are planned for future Tivian releases?
In future releases, Tivian will enable MFA by default for all administrators.
Password Management
What are the current password requirements?
As of September 2023, Tivian’s IT security team has defined the minimum EFS password length in the Tivian Password Policy as follows:
User accounts: minimum 10 characters
Tivian strongly recommends enforcing these minimum standards, especially for privileged accounts.
Why is increasing password length important?
Increasing the minimum password length from 8 to 10 characters significantly enhances security, increasing the security factor by 8,836 times. Moving from 8 to 16 characters boosts the security factor by 6,095,689,385,410,816 times.
Can EFS admin users change password expiry dates?
Yes, EFS admin users can change the password expiry date. If your organization has specific time periods or password policies, Tivian support can assist you in implementing these.
How can admins force a user password reset?
Admins can send a password reset nudge email to users.
Set the password expiry data and click the Mail icon under Actions to send the user a password reset mail.
For detailed steps, refer to the TivAI prompt: "How do I send the user a password email to reset the password?"
Multifactor Authentication (MFA)
What is MFA and why is it recommended?
Tivian introduced authenticator app-based MFA for Panel websites and Admin users in release 24.1. It is highly recommended to enable MFA for panelists and all EFS admin users. This will be the default setting for all new customers in the next release.
How do I activate two-factor authentication for the panel website?
Navigate to the Website section and select the website you want to configure. Scroll down the the area Login and configure the two-factor authentication.
For further instructions, refer to the TivAI prompt: "How do I activate two-factor authentication for the panel website?"
How do I activate MFA for my administration account?
For instructions, refer to the TivAI prompt: "How do I activate multi-factor authentication for my account?"
Which authenticator apps are compatible with EFS?
Compatible authenticator apps for use with EFS include:
Google Authenticator
Microsoft Authenticator
2FA Authenticator (2FAS)
Authy
For more details, see the EFS Online Documentation.
Captcha
What changes have been made to Captcha features on panel websites?
On panel websites using the Responsive v2 layout, the previous CAPTCHA implementation has been replaced by ALTCHA, a modern, free, open-source alternative. ALTCHA is GDPR compliant, does not use external services, cookies, or fingerprinting, and does not track users.
How do I activate Google reCAPTCHA v2?
To activate Google reCAPTCHA v2, select the option from the drop-down menu "Use CAPTCHA plugin" on the Registration page, enter your site key and secret key, and click Save.
Additional Information
Where can I find more detailed guides?
Visit tivian.com/tivai.html for comprehensive “How To” guides and additional support.
Who should I contact for further assistance?
If you need further assistance, please contact Tivian support at www.support-tivian.com.
Thank You
Thank you for your attention to these important security updates. Stay safe!
© 2024 Tivian XI GmbH