Why do I need to worry about security?
Wiredrive offers a group of security-focused features and policies within the application. However, even with all of the forward security functionality that is built into the application, it is still critical that users adhere to certain security best practices, to ensure the most secure experience across the board.
Remember, most security leaks are a result of poor planning within organizations in regards to things such as password strength and sharing of accounts. Follow these security-related best practices to ensure the best and most secure experience when using Wiredrive.
Passwords
Wiredrive offers SSL login and encrypts passwords on our database in line with the OWASP Password Storage Best Practices. This will not prevent unauthorized access due to a poorly selected or weak password. Wiredrive requires that all passwords within the system be at least ten characters and that they are not the accounts name, nor can they be the users first, last, or username. The exception is current presentation passwords as these should be protected by not difficult to type.
What is a bad password?
In short, a bad password is one that is:
- Easily guessable (Ex, a pet, child, or nickname.)
- Incredibly common (See a list of the 100 most common passwords from a recent Adobe breach.)
- Flat out bad (Ex. password1, qwerty, 123456).
What is a good password?
From a security standpoint, a good password is one that is hard to remember, and we encourage all Wiredrive users to select a password that is:
- A combination of alphanumeric characters. Alphanumeric characters consist of letters, numbers, punctuation marks, mathematical and other conventional symbols. Ex: B!GL3Bow$k1! or N3v3RG0nn@G1v3y0u^
- Not used anywhere else. For example, don't use your Facebook password for your Wiredrive login.
- For the love of all things holy, do not share your login with other users or use a shared login. Not only does this compromise security, but anything the other user does is going to point to your account. Sharing a single login is never recommended.
If you have trouble keeping track of your passwords, there are programs such as One Password where you can securely store your passwords for easy access.
Sending Presentations
The Wiredrive application is built so that users can share media. Sometimes, there is going to be media which needs to be shared with a select group, or shared briefly, then expired. While having a strong password and keeping your login details private is part of the solution, if you share media with someone that shouldn't have access to it, you're gonna have a bad time.
To ensure that your media does not get shared with the wrong people, or fall into the wrong hands, we have the following features:
- The ability to disable the download of files in presentations. You can disable the "download/podcast" option in both Projects and Library Presentations. You can also disable the forward button from the send form, which prevents end users from forwarding Presentations via Wiredrive.
- The ability to expire presentations that have already been sent. Expiring a presentation immediately kills the presentation link and any further clicks will take the user to a "presentation has expired" page.
- A password protected presentation option. When you send a presentation, both from Library or Projects, you have the option to require a password for any recipient to see the link. This ensures that even if an end user forwards a link to someone that shouldn't have it unless they have the password it will not be viewable.
- Detailed Presentation reports. In both Library and Projects, we offer detailed reports that show who has viewed what, and how many times. You can also see who forwarded Presentations and to whom. If you notice individuals who have viewed Presentations that they shouldn't have, you can expire Presentations from the reports page.
User Permissions
Wiredrive offers different permission levels for users so that admins can limit access and functionality, such as the ability to download files and create new users. We have breakdowns of the different user's levels for both Projects and Library. It is the responsibility of Admin-level users to make sure that users have the correct level of access to the Wiredrive system. Remember that administrator level users can do all functions within the system, so we suggest that companies use this permission level sparingly.