Security best practices

Peakon provides different security options to make sure that the access to your account is safe and protected. We recommend the following best practices to reduce the risk of a security breach.

Peakon uses an advanced algorithm called zxcvbn, developed by Dropbox. It uses a set of algorithms to estimate the number of guesses required to successfully find a password.

There are no explicit rules on length, uppercase/lowercase and symbols like other password requirements. When entering a new password in Peakon, the error message will help you pick a strong password and explain why a given password is not secure enough. 

In addition, the following is not allowed to be included in the password:

Peakon requires that the password must not be guessable in less than 100,000,000 attempts. Coupled with the login-retry policies in Peakon, that ensures that it will take around 200 years on average to guess a password.

We recommend not sharing your email address and passwords with others, to avoid any security breach. Beware also of the many social engineering methods out there that manipulate users, so they provide their confidential information such as passwords or get computer access via malicious software.

When using the standard authentication method it is possible to change the password by going to your profile and click on Change password tab. 

If you don't remember your password, you can get a new one by clicking on Forgot Password?, which will prompt the user to submit the email address, and the system will send an email containing the link to reset the password. 

In the case you are using Single Sign On, a third party authentication system, you can reset your password through this service instead. 

It is possible to set up Two-factor authentication (also known as 2FA or MFA) method to login into your Peakon Dashboard. This helps secure your account against attacks, as you'll require both your password and a login code that will be sent to your phone, through Authy app.

To set it up, follow these steps:

Any user can review active sessions in their own Profile under Security > Active sessions, which shows detailed information of the current sessions across different devices. it is possible to terminate a specific session listed, by clicking Log out of session. Doing this, will log out the user authenticated through that specific session.

In your profile under Security > Your account activity history,  you can monitor different account events such as survey/schedule updates, integration changes, dashboard access. The events are tracked by time, browser/OS, location and IP address and allows you to track many of the important updates happening in your account.

In addition to the default authentication method provided by Peakon, it is also possible to configure Single Sign-on, which authenticates users from your own external database and can replace any other login option. This allows users to login with the same credentials across multiple application and services. For users, this means that they will be prompted to authenticate against an external directory first, and then they can gain access to Peakon through the directory's listed apps. You can read more on how to configure single sign-on in Single sign-on overview.

Dashboards can be easily shared to employees through a generated link. It is a good practice to revoke access to these dashboards if you believe they have been shared outside of your organization. Administrators can revoke them by going to Administration > Data settings > Sharing tab and click Revoke all or Revoke next a specific dashboard.

It is recommended to review user access to the organization's dashboard at least once a month to ensure that the Access Control groups are up to date and that employees who have left the Company, are not granted access anymore.