Back

Client Portal Security

Contents

Introduction

Login Security

Set Default Session Timeout for Clients or Advisors

Dual Factor Authentication (DFA): Security Questions and Phone Codes

Platform Security

Password Security

Create Strong Passwords

Client Portal Password Security

Mobile App Login Options

 

Introduction

Tamarac strives to provide a secure, powerful, and user-friendly platform that enhances your client service. To further protect your clients' data, we offer a variety of security measures.

Login Security

Set Default Session Timeout for Clients or Advisors

Default session timeouts for advisors is 480 minutes (8 hours) and for clients is 15 minutes. For more information, see Session Timeouts.

Dual Factor Authentication (DFA): Security Questions and Phone Codes

You can enhance login security by requiring dual factor authentication upon login. Dual factor authentication requires the user to enter knowledge-based authentication like a password or a security question and enter a code sent to their mobile phone. This helps secure the login by requiring at least two independent credential checks. 

Platform Security

As Software as a Service application, Tamarac maintains the infrastructure for the Tamarac suite of products. This means that Tamarac handles all the IT infrastructure, so you can focus on serving clients and growing your business.

Tamarac hosts its test and production systems at Rackspace Hosting data centers. Rackspace Hosting maintains the highest industry standards with SSAE16 Type II certification and undergoes annual audits.

Password Security

Our password creation process, which includes sending an encrypted link with a set expiration date, is designed to prevent unauthorized parties from accessing your client's email and subsequently creating or changing their portal login password.

Both the password link and passwords you use to access the platform make use of an encryption technique known as hashing. With hashing, Tamarac's servers never actually store either the link or the password, only instructions on how to unscramble them when they are used.

Create Strong Passwords

It is important to ensure that the password created adheres to strong password methodologies to protect from unauthorized logins. When you and your clients create passwords to access Tamarac products, you are required to create passwords with certain characteristics.

Our best practice is to create a password including multiple words that adheres to the requirements.

Passwords must meet the following criteria:

Client Portal Password Security

When you enable client portal access for a client, Tamarac sends the client an email with a link to create a password and, if you required, set up dual factor authentication. This link expires in 72 hours. Tamarac provides you with a countdown timer to track how much longer a password link is active. After 72 hours, the client must ask you to resend a client portal password

If you reset or re-send a password, the client has 24 hours before the link expires.

You can disable client portal access for a client at any time.

Mobile App Login Options

Clients can log in to the mobile app using a username and password, fingerprint recognition, or facial recognition (if supported by the device). For more information, see Mobile App Login Options.