Idea ID: 2878285

Security

Status: Under Consideration

We are evaluating several security-related enhancements to the product to both strengthen API Access, as well as user access. We need to implement a legacy mode for API access in order to continue to support legacy REST integrations, 

See status update history

Below are 3 best practices:

1. Apply a "two-factor" method to logins
2. Where ID’s and passwords are manually assigned, on first signin, users need to be required to change their passwords
3. Rest/API accounts are completely separate from the application and require public/private key pairs for access. Rest/API accounts should never be able to obtain application access.

Tags: