Two-Factor Authentication (2FA) now available for My Docs Online

The option to require two-factor authentication (2FA) for increased login security is now available for all account types other than the legacy Personal Edition. When turned on by the Group Administrator an Authorization PIN will be delivered via email or text (or both, letting the user chose the method each time the user logs in).

Important details include:

  • Delivery of the PIN via email is the basic method, and assumes the email address associated with each user is accurate.
  • Optional mobile numbers may be set by either users or the Group Administrator. Those users with a mobile number set will choose Authentication PIN delivery via email or text at each login.
  • When 2FA is enabled ALL users in multi-user accounts will be required to use 2FA.
  • When 2FA is enabled access will be limited to the browser interface only, as other methods of account access cannot support 2FA. Turning on 2FA means users will not be able to use Web Folders, the Desktop App, or SDK-based batch programs.
  • Administrators should consider running the Two Factor Report found at Group Administration…Tools & Reports to learn what email address is associated with each account and which users have a mobile number set.
  • 2FA does NOT change how the Customer Upload and Share links work.

Administrators use Group Administration…Group Settings…Two-Factor Authentication to turn the feature on or off.

Administrators use Group Administration…Group Users Administration to set or change a user’s email address and mobile number using the Action Menu for a user.

If User Update is set to “Admin or User” then Settings…Mobile Number can be used by each User ID in the group account. Group Administrators also use Settings…Mobile Number to set their own mobile number

Optional Password On Public Upload Feature

Many professionals need a secure way to receive files from their clients, patients, students, customers, associates and the like. MYDOCSONLINE just released an optional password-protected Customer Upload feature. Each account now has a checkbox “Require Password” in the Group Administration–>Group Settings–> Customer Upload plus a field to enter the password. Refer to our screen display below.

The password is visible to make it easier to recall. The password of course must be provided to anyone doing an upload. It is up to the Administrator to communicate the password verbally or secure method to individuals that are uploading files.

If the “Required Password” option is selected then the link changes from cuploadcustom.aspx to cuploadpw.asx. Though, if the regular link is used with the “Require Password” turned ON then the link gets redirected to the password protected link. As a result, there is no need to change the regular link as posted on web pages or sent in emails.

Our public UPLOAD feature is referred to as “Customer Upload” and is enabled for all accounts at start up. Should you not want to use this feature you may simply disable the feature.  The Customer Upload feature permits any file type and any file size to be transferred securely into your account by individual from any computer, laptop, iPad or mobile device. You now can turn ON the new password feature to prevent unwanted files from being uploaded into your account should you make your Upload page visible on a website or public document.

To learn more about our Customer Upload feature click HERE.

This feature is being used by professionals in the loan and financial industries, educational institutions, law and accounting practices to name a few. To better understand how we can help your needs please email [email protected] or give us a call at 239.495.1181.

How is my data stored at MYDOCSONLINE protected?

A common question we get asked by businesses is “How is the data stored in mydocsonline.com protected? 

 

By default all My Docs Online sessions use secure HTTPS and TLS (Transport Layer Security) processing. This ensures that files being uploaded and downloaded across the Internet are encrypted for added privacy.

Files on our servers also employ “Encryption At Rest”. This means that even in the unlikely event that stored files would be misplaced or stolen they are encrypted with AES-256. In addition, the three components of Encryption At Rest (encrypted files, encryption keys, and encryption/decryption processing) are each on separate servers.

The My Docs Online site has several layers of data security to provide access control:

  • The My Docs Online web servers are deployed using a dual-homed configuration, thus providing specialized, application-specific firewall protection to our private network. This extra layer of security is specifically designed to keep your files and other information safe.
  • All user files are safely stored on the My Docs Online private network servers. These servers are machines that are physically isolated from the public Internet, for security purposes.

Physical security is provided by a “hardened” facility providing seamless connectivity, guaranteed uptime, and security.

All files are stored on RAID devices, which in turn are replicated to an additional RAID storage subsystem, providing exceptional data integrity.

By design, files deleted by a user are first marked “pending delete” for approximately 72 hours, during which time they are available for “undelete” by the user. Following this “grace period” all copies of a deleted file are permanently removed from My Docs Online servers. No “backup copies” are kept.

Customers who require backup of their files are provided with tools to back up their files to a server at their location.

My Docs Online does not disclose details regarding hardware or software used, to protect its servers, customer files and information. For security reasons we do not share this type of information but if you do have questions about file security,  or account security then please email us at: [email protected].