Dashboard Security

There are a number of security features available for the Dashboard including:

Two-Factor Authentication

Enter the username, password and authenticator security code to login.

IP Addresses Restriction

Require verification for logins from new IP addresses or only allow access from specific IP addresses.

Disable or Enable Agent Key user Dashboard access

Prevent the Agent Key (contained in the registration email) accessing the Dashboard and easily manage each staff user from Settings > Users

Session Timeout

Automatically ends the session where the user has been inactive for the specified timeout period.

Lockout Mechanism

Dashboard 5.42.3 introduced a lockout mechanism to help prevent brute force attacks,

This comes into effect after fifty consecutive login failures with the user and IP address blocked for a five minute period, the account is automatically unblocked after five minutes of complete inactivity for that user and from that IP address.

Where this lockout period is triggered we would suggest ceasing activity for 10 minutes and then retry accessing the Dashboard.

Disable IP Verification for specific Two-Factor Authentication Users

From Dashboard 6.41.2, we have included the option to Disable IP Verification at the user level where the user has 2FA enabled. This allows the user to access the Dashboard from a new IP address without going through the IP address verification process.

HTTPS Redirects

For additional security when accessing the Dashboard over HTTP the user is automatically redirected to HTTPS (unless using a custom dashboard.domain.name URL).