We provide various options to increase your account security, both as an individual user, but also for your organisation account(s) that you might manage or be able to perform certain actions in.
You can review your personal account security settings from your personal dashboard. A menu provides access to a number of different pages.
This table shows the date and time of certain activities you have performed, including logging in, issuing certificates, editing certificates, etc.
This is a list of your current active sessions, showing devices in which you are logged in to BlockMark Registry. For example, if you are logged in on both a laptop and a smart phone, you will see two entries.
The location information may not be accurate as it is based on the IP address of your device and whether that resolves to a geographic location. This may be your Internet service provider rather than where your device is physically located.
It is good practice to logout from a session when you are finished. You can end a session on another device from this table. You can also set your account to automatically log out of all devices after a period of inactivity.
If you don't recognise a session, or one keeps appearing that your are sure is not you, your password may have been compromised. End the session and change your password immediately. You should also enable two factor authentication if this feature is not already in use.
You can set-up two factor authnetication (2FA) to make your account security stronger. We make use of codes (tokens) that appear on authenication apps like Google Authenticator or Microsoft Authenticator that you use on your smart phone. This is more secure than sending you an SMS or email, as both these methods can be compromised.
After setting this up, we also provide some back-up tokens personal to your account that you can download and store securely for use when your authenticator app is unavailable. This can happen if you lose your phone or change jobs.
If you are locked out of your account because you no longer have access to your authenticator app or back-up tokens, you will need to contact us. We will ask some security questions to establish your request is bona-fide and then we can reset your 2FA requirement so that you can log in and set 2FA up again.
You can set a period of inactivity whilst acting in a personal capacity, after which you will be logged out of the platform.
If you are also a member of an organisation, there is a different inactivity period that can be set in the organisation settings. This applies for when you have switched account and are performing a role for that organisation.
You can change your password by entering your old password and your new password.
Your password must be at least 8 characters long and cannot be just numbers. We also check it against a dictionary of common passwords and your user information to check that it is not too similar.
We recommend that you use a long password of upper and lower case letters, numbers and symbols, or a long sentence of different words. You can use a password manager to suggest and store the password. You should use a new password for each service, so the one you use here should not be in use anywhere else.