Back |
|
Client Portal Security
Set Default Session Timeout for Clients or Advisors Dual Factor Authentication (DFA): Security Questions and Phone Codes |
Tamarac strives to provide a secure, powerful, and user-friendly platform that enhances your client service. To further protect your clients' data, we offer a variety of security measures.
When you send a portal activation email or a password reset email, your clients will receive a secure link that expires 72 hours after the link is generated.
We enhance login security to prevent unauthorized logins or account break-ins by allowing you to enable dual factor authentication to add another layer of security when clients log in.
We safeguard the security of our platform and your data stored on our servers by maintaining all data in secure data centers.
Default session timeouts for advisors is 480 minutes (8 hours) and for clients is 15 minutes. For more information, see Session Timeouts.
You can enhance login security by requiring dual factor authentication upon login. Dual factor authentication requires the user to enter knowledge-based authentication like a password or a security question and enter a code sent to their mobile phone. This helps secure the login by requiring at least two independent credential checks.
For more information on dual factor authentication, see Require Challenge Questions or Mobile Phone Codes to Sign In (Dual Factor Authentication).
For details on dual factor authentication for clients, see Manage Dual Factor Authentication for Your Clients.
For details on dual factor authentication for firm users, see Manage Dual Factor Authentication for Firm Users.
As Software as a Service application, Tamarac maintains the infrastructure for the Tamarac suite of products. This means that Tamarac handles all the IT infrastructure, so you can focus on serving clients and growing your business.
Tamarac hosts its test and production systems at Rackspace Hosting data centers. Rackspace Hosting maintains the highest industry standards with SSAE16 Type II certification and undergoes annual audits.
Our password creation process, which includes sending an encrypted link with a set expiration date, is designed to prevent unauthorized parties from accessing your client's email and subsequently creating or changing their portal login password.
Both the password link and passwords you use to access the platform make use of an encryption technique known as hashing. With hashing, Tamarac's servers never actually store either the link or the password, only instructions on how to unscramble them when they are used.
It is important to ensure that the password created adheres to strong password methodologies to protect from unauthorized logins. When you and your clients create passwords to access Tamarac products, you are required to create passwords with certain characteristics.
Our best practice is to create a password including multiple words that adheres to the requirements.
Passwords must meet the following criteria:
Passwords must not contain your email address or parts of your full name that exceed two consecutive characters.
Passwords must be a minimum of 12 characters.
Passwords and must contain characters from three of the following four categories:
Uppercase letters (A - Z)
Lowercase letters (a - z)
Numbers (0 - 9)
Non-alphanumeric ( !, $, #, %, etc. )
When you enable client portal access for a client, Tamarac sends the client an email with a link to create a password and, if you required, set up dual factor authentication. This link expires in 72 hours. Tamarac provides you with a countdown timer to track how much longer a password link is active. After 72 hours, the client must ask you to resend a client portal password.
If you reset or re-send a password, the client has 24 hours before the link expires.
You can disable client portal access for a client at any time.
Clients can log in to the mobile app using a username and password, fingerprint recognition, or facial recognition (if supported by the device). For more information, see Mobile App Login Options.