SECURITY, POLICies & Administration

Identity Protection Code 

The user starts DEXDash™ with the entry of a Identity Protection Code. This is a secret word, phrase or string of characters that can be as long as  the user likes as long as it can be remembered. It is completely unique to the user and should be protected, and never divulged to anyone.  

Another way of thinking about this value is that it can be thought of in the context of a banks ATM PIN.  However, your access code can be any variation of letters, number or special characters, whereas the ATM PIN is only a string of numeric values.

The Identity Protection Code value is MUST BE remembered by the user.  If forgotten, the data cannot be accessed, not even by the development company.

Your data is uniquely encrypted, "fingerprinted" with this identity code. If your system data is stolen, compromised or otherwise exposed by nefarious means , it cannot be accessed without the entry of this value. 

User Name & Password

A user logs into the app in using a user name and password. However individual customers have individual requirements that can vary enormously from one customer to another. In addition the platform being used (desktop or web) may have special requirements that need to be supported.

Secwin enables logins to be as powerful, safe, and as feature-rich as possible - while at the same time making them easy enough to setup and use by mere humans has been a challenge. The result though is the most comprehensive login system available for a PC application in the world. 

All facets of the login system can be controlled at runtime so each customer can configure it to their own needs and policies. These features include;

• No logins at all - Users can choose to make the system loginless.
• Passwords are stored as Salted-Hashed values, not as encrypted text, in accordance with all current best practices.
• Second Factor Authentication using SMS or Email with Customer Defined Policies. When to require the second factor is a crucial element here, with options including every time, only on new devices, or on a time-based system.
• Active Directory support for those customers with an Active Directory server. This allows for password, or password-less logins against an Active Directory server, and also an optional In-Group setting on the server. This gives Active Directory Administrators complete control over who can use the program.
• Guest Logins (with pre-defined guest accounts) can be added. These have a user name, but no password, and usually have limited program access rights.
• Customer-defined password policies allow each customer to determine the password requirements for their users. Interesting options here include the prevention of password-reuse, and also the unacceptance of passwords that are commonly used by people. (So no 1234 or password weak passwords.)
• Customer-defined Lockout policies allow the user to determine when a user account will be locked (and for how long it will be locked) if multiple incorrect passwords are entered.
• Password Resets via SMS or Email
• Users can create new accounts (i.e. self sign-up) and be given default access rights.
• Multi-tenant support with either unique-user or company/user logins.

• All sensitive information in the data tables are stored encrypted and cannot be altered (or deciphered) by unauthorized programs.

• Unencrypted fields are tamper resistant - editing them in an external program will make the data unusable.

• Tables make use a of 5-secret system meaning that data can be bound to a specific program, specific table, or specific customer.

• All secure information in the tables can be extended without changes to the file structure. This means that (for example) new security policies (and new settings) can be introduced and no file conversion is required.

• DEXDash™ data is stored encrypted, in conformance with United States and various international privacy laws.