New: Security and Privacy


Charles

IPS is always auditing our software to improve security at the code-level but these improvements are not really visible to you even though they protect your site all the time. We are implementing some new features that you can use to enhance the security and privacy of your site. Many of these features depend on your personal preferences, local laws, or the policies of your own organization. Here is a list of what's new:

Birthday Control

Profiles 2016-11-17 fvqkm.png

You may wish to make birthday viewing only show to admins or you can completely disable prompting for a birthday if you consider that information sensitive.

Member Delete Name Retention

When deleting a member in the AdminCP, if you choose to keep their posts the system currently names the posts with a display name of "Guest user" where user is the previous display name of the member you deleted. You can how choose to retain their name in posts or not so you can either have it as it is now or simple "Guest" on member delete.

Password Strength

Registration - IPS Community Suite 2016-11-17 e8vkz.png

Password Strength

You now have two new options for password: show a strength meter and require strong passwords. You can choose to either just show the meter as a suggestion or you can also choose to enforce a password strength. You can choose between three levels of password enforcement parameters depending on how strict you choose to be.

Guest Terms Banner

A Test Forum - IPS Community Suite 2016-11-17 qvshe.png

Guest Terms Banner

There is a new option to show a guest terms of service banner when a new visitor first visits your site. You can set the text shown in the display and you can also put in two special tags to automatically link to your Terms of Service or Privacy Policy page.

Age Restrictions

Registration - IPS Community Suite 2016-11-17 11s3j.png

Age Prompt

We have always had COPPA support in the Suite but we have extended this to be a more generic age restriction feature. You can now set your site to reject registrations from anyone under a certain age you specify. For privacy, the birthday entered on registration is only used to calculate permission and is never stored.

 

This change will be in version 4.1.17 which is scheduled to be released in early December 2016.

Edited by Charles




User Feedback


I'd like to see support for 2-factor authentication (via text message) with the ability to enable this option for specific groups (e.g., admins and moderators must authenticate via text message while members may choose to enable/disable on their own accounts).

nodle, Mark, ADKGamers and 1 other like this

Share this comment


Link to comment
Share on other sites
Quote

Member Delete Name Retention

When deleting a member in the AdminCP, if you choose to keep their posts the system currently names the posts with a display name of "Guest user" where user is the previous display name of the member you deleted. You can how choose to retain their name in posts or not so you can either have it as it is now or simple "Guest" on member delete.

How about letting us fill in an optional name of your choosing as one of the options? It would both change the name to make them "anonymous", but also make it easier to distinguish deleted members. 

RObiN-HoOD likes this

Share this comment


Link to comment
Share on other sites

SMS 2FA is certainly better than just simple password authentication and most large sites offer this an option to its users. It certainly isn't the ultimate security feature, especially if you are the federal government, but I sign up for 2FA authentication for any site that has my credit card on file or has access to my bank accounts.

Besides, offering 2FA authentication to users gives the impression that the site is worried about security and privacy and is taking the usual measures to prevent unauthorized access to your account and personal information.

Edited by KT Walrus
RObiN-HoOD and SammyS like this

Share this comment


Link to comment
Share on other sites

The birthday visibility option is a really good idea especially with identity theft being such a growing concern these days. May I suggest additional option of allowing members to decide if they want it public on their profile? 

d2dyno and ZeroHour like this

Share this comment


Link to comment
Share on other sites
On 11/19/2016 at 7:01 PM, The Old Man said:

The birthday visibility option is a really good idea especially with identity theft being such a growing concern these days. May I suggest additional option of allowing members to decide if they want it public on their profile? 

+1 to this, if we allow it to be shown publicly members should choose if they want that or not, the importer should ideally pull that from vbulletin imports as well.

The Old Man likes this

Share this comment


Link to comment
Share on other sites


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Latest Releases