Recommended Privacy & Security Settings

CMNTY Platform is a diverse tool and can, therefore, be used in several ways to achieve different goals. Although you are free to choose and combine various functionalities to meet the purpose of your community, we would like to provide you with a couple of guidelines that will help you determine a combination of functionalities and tools that will allow for the most valid approach to data acquisition.

Privacy

In terms of privacy, you can set profile field permissions to hide/show user information based on the viewer’s user role, and manage a user’s ability to do things like update their email, sign off, and opt out of newsletters. Below are some recommended settings:

  1. Go to the Admin section of your platform.
  2. Choose Participants at the top menu.
  3. Choose Users > User Management at the left menu.

At Settings, we recommend you to:

  • Allow participants to change their email.
  • Allow participants to sign off of the platform.
  • Allow participants to opt-out of the newsletter.

At Profile fields, we recommend you to:

  • Configure profile fields (where to display them and whether or not they are required).
  • You can set profile field visibility to OFF, so only Moderators can see them and participants won’t.

At Profile Field Permissions, we recommend you to:

  • Configure which users can see specific profile information based on the viewer’s user role.
  1. Go to Configure at the top menu in Admin.
  2. Choose Default messages at the left menu.

At Terms & Conditions, we recommend you to:

  • Use platform Terms & Conditions to inform participants about security settings and the use of cookies.

Security

In terms of security, you can enforce authorization security and guard against brute force attacks, create a password policy to ensure secure passwords, and set rules to govern user sessions. Below are some recommended settings:

  1. Go to Configure at the top menu in Admin.
  2. Scroll down in the left menu and click Security.

At Authorization Security, we recommend you to:

  • Set the Login Attempts Allowed to 3 times (default).
  • Set the Login Lockdown Time to 15 minutes (default).

At Password Policy, we recommend you to:

  • Set the Password Expiration to 90 days (default).
  • Set the Minimum Password Length to 10 characters (default, but we recommend a length of 16+).
  • Set the Prevent Password Reuse to 3 times previous iterations (default).
  • Require: Uppercase, Lowercase, Number, and Non-Alphanumeric (default).

At Session Security, we recommend you to:

  • Set the Session Duration to 2 hours (default). You could improve security by lowering this number, but then you may create a slightly more frustrating user experience by forcing people to continually log in.

These guidelines are also compatible with the conditions set by ISO regarding market, opinion and social research (ISO 20252) and access panels in market, opinion and social research (ISO 26362).