Peakon provides different security options to make sure that the access to your account is safe and protected. We recommend the following best practices to reduce the risk of a security breach.
Enforce stronger passwords
Peakon uses the zxcvbn library to ensure your password complexity meets the security standards. It uses a set of algorithms to estimate the number of guesses required to successfully find a password.
Peakon's password validation ensures that passwords aren't guessable in less than 10,000,000,000 attempts. When entering a new password in Peakon, a message will inform you of your password strength.
Your password must not contain:
- Your user ID, first name, last name or email address in the password.
- The words "peakon" or "workday".
- Characters in sequence, either in the alphabet or on the keyboard, e.g. "abcde", "12345" or "qwerty".
- Very common password phrases, e.g. "P@ssword1".
Set up two-factor authentication
Setting up 2FA helps secure your account against attacks, because you'll require both your password and an authentication code sent to your phone through Authy. See Set up two-factor authentication (2FA) for instructions.
Monitor active sessions & account history
Your active sessions and activity history are available in the Security tab in your profile area.
You can click Log out of session to end an active session.
The account activity history section displays different account events. Example: survey or schedule updates, integration changes, and dashboard access. Each event displays the time, browser/OS, location and IP address.
If your organization uses a VPN for web browsing or link-checking software for emails, this page can display additional account activity.
Consider single sign-on (SSO)
If you're an administrator, consider configuring SSO for your organization and mandating it as the only sign in option. This enables users to authenticate against an external directory first, and gain access to Peakon through the directory's listed apps. See Set up single sign-on for instructions.
Monitor dashboard sharing settings
If you've shared your dashboard with your team, you can revoke access at any time and regenerate the link by going into the Sharing options module.
Administrators can access all shared dashboards (and revoke them if needed) by going to Administration > Data settings > Sharing.