General security policy
The Contactlab platform allows users to create reliable and secure passwords and to store and use them correctly. Below are the main policies adopted.
Maximum Password Age
Users can keep a password for up to 3 months before they need to change it.
Starting 20 days before the password expires, users are regularly reminded to change it.
Likewise, users are reminded to change their password if they haven’t accessed the platform for more than 1 month.
If users do not change their password within 1 month, access is suspended. Subsequently, it can only be reactivated by Customer Service or by someone within the same company with administrator permissions.
Minimum Password Length
Passwords must be at least eight alphanumeric characters long.
Password Verification
Password verification allows tracking of all password change events. Monitoring these changes makes it easier to track potential security issues. This helps ensure user accountability and provides evidence in case of a security breach.
Password Encryption
All passwords in the system database are encrypted.
Password-Related Events Logging
All activities related to failed logins, password recovery, password changes, etc., are logged and can be easily accessed in the Profile > Activity History section.
Wrong Username and Password
Refer to the next chapter for more details.
Password Recovery
In case of a forgotten password, a reset link can be obtained via the email address associated with the user on the Contactlab platform. The reset link leads to a password recovery page where the user can enter a new password. The reset link expires within 24 hours.
If a user attempts to access the platform from another country or from locations far from their usual one, additional verification will be required through a PIN or OTP code:
- The PIN is sent via email.
- The one-time code (OTP) is generated in real time and sent via SMS to the pre-verified mobile number.
Attention points
- If the wrong PIN is entered 5 consecutive times, the account will be locked. If the user stops after the fourth attempt and waits at least 30 minutes, the counter will reset, and five more attempts can be made. However, the global counter limits the user to a total of 15 attempts before the account is locked.
- If the wrong OTP is entered 50 times, the account will be locked.
- Once an account is locked, only Customer Service can reactivate it.
The following conditions apply to SMS OTPs:
- A maximum of one OTP can be requested per minute.
- Only the last three OTPs are valid.
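
The two PIN counters described under "Attention points", modelled as an added example (not Contactlab's code). It assumes the 30-minute pause is measured from the last wrong PIN, that the 15th wrong PIN is the one that locks the account, and that a correct PIN clears only the consecutive counter; the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

MAX_CONSECUTIVE = 5      # wrong PINs in a row before lock (from the page)
MAX_TOTAL = 15           # global cap on wrong PINs (from the page)
RESET_AFTER_S = 30 * 60  # pause that clears the consecutive counter


@dataclass
class PinLockout:
    """Toy model of the PIN counters; names and structure are illustrative."""
    consecutive: int = 0
    total: int = 0
    last_failure: Optional[float] = None
    locked: bool = False

    def attempt(self, correct: bool, now: float) -> str:
        if self.locked:
            return "locked"  # only Customer Service can reactivate
        # Assumption: the 30 minutes are counted from the last wrong PIN.
        # The pause clears the consecutive counter, never the global one.
        if (self.last_failure is not None
                and now - self.last_failure >= RESET_AFTER_S):
            self.consecutive = 0
        if correct:
            # Assumption: success ends the run of consecutive failures but
            # leaves the global counter untouched (the page does not say).
            self.consecutive = 0
            return "ok"
        self.consecutive += 1
        self.total += 1
        self.last_failure = now
        if self.consecutive >= MAX_CONSECUTIVE or self.total >= MAX_TOTAL:
            self.locked = True
            return "locked"
        return "retry"


def wrong_attempts_until_lock(burst: int, pause_s: float) -> int:
    """Wrong PINs entered before lock when guessing in bursts of `burst`
    entries (one per second) separated by `pause_s` seconds of waiting."""
    state, now, entered = PinLockout(), 0.0, 0
    while True:
        for _ in range(burst):
            entered += 1
            if state.attempt(False, now) == "locked":
                return entered
            now += 1.0
        now += pause_s
```

Pacing guesses in bursts of four with 30-minute pauses avoids the consecutive limit, but the global counter still stops the run at 15 wrong PINs.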