Formcentric’s integrated security settings give you a systematic and reliable way to manage access and confidential areas within your environment. This article helps you to implement the recommended precautions where needed to ensure optimum account security.
Checklist: secure admin settings
Activate two-factor authentication (2FA)
Activate two-factor authentication for all users – and especially for administrator accounts. Access is still protected even if passwords become compromised, because attackers will also need the 2FA code to log in successfully. → Activating two-factor authentication
While interfaces enable powerful automation, they also entail certain risks. You can secure API access effectively by taking certain precautions:
Separate API clients per application
Create individual API clients for various use cases for targeted, controlled access. → Creating API clients
Schedule regular rotation of client secrets
Reset the client secrets for your active clients at fixed intervals, e.g. every 90 days. → Resetting Client secrets
Log all usage – with human-readable names
Use meaningful names for your API clients (e.g. ‘CRM Integration’, ‘Web form XY’) and track where and how the associated credentials (client ID and client secret) are being used. This significantly simplifies maintenance, rotation and troubleshooting.
Deactivate or delete any clients no longer needed
Make sure that you deactivate or remove any API clients that are outdated or no longer in use. → Deleting API clients
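The four API precautions above can be checked regularly against your own record of API clients. The following Python script is an added example and not part of Formcentric: the inventory format, the 180-day idle threshold and the list of generic names are assumptions, and the sample entries are constructed.

```python
from datetime import date

ROTATION_DAYS = 90   # rotation interval given as an example in the checklist
STALE_DAYS = 180     # assumption: unused for this long means "no longer needed"
GENERIC_NAMES = {"test", "client", "api", "new client", "default"}  # assumption

SAMPLE_TODAY = date(2025, 6, 1)  # constructed reference date for the sample data

# Constructed inventory that you maintain yourself; not a Formcentric export format.
INVENTORY = [
    {"name": "CRM Integration", "used_by": ["crm"], "active": True,
     "secret_reset": date(2025, 1, 10), "last_used": date(2025, 5, 30)},
    {"name": "client", "used_by": ["newsletter", "intranet"], "active": True,
     "secret_reset": date(2025, 5, 1), "last_used": date(2025, 5, 29)},
    {"name": "Web form XY", "used_by": ["website"], "active": True,
     "secret_reset": date(2025, 4, 20), "last_used": date(2024, 10, 1)},
    {"name": "Old shop export", "used_by": [], "active": False,
     "secret_reset": date(2023, 2, 1), "last_used": date(2023, 6, 1)},
]


def audit(inventory, today):
    """Return {client name: [findings]} for active clients that miss a checklist item."""
    report = {}
    for client in inventory:
        if not client["active"]:
            continue  # already deactivated: nothing left to rotate or remove
        findings = []
        if (today - client["secret_reset"]).days > ROTATION_DAYS:
            findings.append("rotate secret")
        if len(client["used_by"]) > 1:
            findings.append("split per application")
        if client["name"].strip().lower() in GENERIC_NAMES:
            findings.append("rename")
        if (today - client["last_used"]).days > STALE_DAYS:
            findings.append("deactivate or delete")
        if findings:
            report[client["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY, SAMPLE_TODAY).items():
        print(f"{name}: {', '.join(findings)}")
```

Run it with today's date in place of `SAMPLE_TODAY`. The inventory holds only names and dates, never the client secrets themselves.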
Tips for form security
Secure connections between forms and external websites are essential – especially as a precaution against misuse and manipulation. Keep the following in mind: