Confirmit Stream Blog


March 2010

Best Practices on Security for Online Panels

In my previous blog entry I discussed the potential implications of security holes in panelist portals. Today, I will follow up with some advice on what measures you should take to ensure your panelists' data is safe and secure.

1.    Enforce a strong password policy. You cannot trust your panelists to choose strong passwords, so the portal has to reject weak ones. A strong password policy may combine elements such as:
 
•    Requiring a minimum number of uppercase characters, of non-alpha characters (characters that are not letters) and of non-alphanumeric characters (characters that are neither letters nor digits).

•    Enforcing a minimum password length. Length does more against guessing attacks than any of the character-class rules above, so do not set it low.

•    Rejecting passwords that resemble the username, and passwords that appear on lists of commonly used passwords.

2.    Enforce a password change policy. Elements to consider:
 
•    Passwords should expire after a certain time, after which the panelist is forced to select a new password at the next login. Keep the interval reasonable: forcing very frequent changes pushes panelists towards predictable variations of the old password.

•    The new password should differ from the last X passwords used. This means keeping the hashes of those X passwords and checking the candidate against each of them; never keep the old passwords themselves.

•    Force the panelist to wait a certain period after changing the password before being allowed to change it again. Without this, a panelist can make X+1 changes in a minute and end up back on the original password.

3.    Passwords should never be transmitted or stored in clear text:
 
•    Always use HTTPS on login, and preferably for the whole session: a session cookie sent over plain HTTP can be captured and reused just like the password itself.

•    Passwords should be stored only as salted hashes produced by a deliberately slow password-hashing function (bcrypt, scrypt or PBKDF2), never in plain text and never with reversible encryption. A fast general-purpose hash such as unsalted MD5 or SHA-1 can be brute-forced quickly if the database leaks.

•    Do not send plain text passwords to panelists, neither in welcome e-mails nor in password reminders.
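The three points above fit together in one password-handling routine. The following is an added example written for this post, not code from the original article or from any Confirmit product; the policy numbers (minimum length 10, history of 5, one-day minimum age, 90-day expiry, 600,000 PBKDF2 iterations) and the `PanelistAccount` class are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

# Policy parameters: assumed values chosen for this example, not any product's defaults.
MIN_LENGTH = 10
MIN_UPPER = 1
MIN_NON_ALPHA = 1               # characters that are not letters
MIN_NON_ALNUM = 1               # characters that are neither letters nor digits
HISTORY_DEPTH = 5               # new password must differ from the last 5 (current one included)
MIN_AGE = timedelta(days=1)     # wait this long before the next change is allowed
MAX_AGE = timedelta(days=90)    # after this the panelist must pick a new password at login
PBKDF2_ITERATIONS = 600_000     # deliberately slow; tune to your hardware


def check_policy(password, username):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(c.isupper() for c in password) < MIN_UPPER:
        problems.append("needs an uppercase letter")
    if sum(not c.isalpha() for c in password) < MIN_NON_ALPHA:
        problems.append("needs a character that is not a letter")
    if sum(not c.isalnum() for c in password) < MIN_NON_ALNUM:
        problems.append("needs a character that is neither a letter nor a digit")
    # Similarity to username: reject when the username, or its reverse, is contained in the password.
    lowered, user = password.lower(), username.lower()
    if user and (user in lowered or user[::-1] in lowered):
        problems.append("too similar to the username")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. Returns (salt, digest); only these two values are ever stored."""
    if salt is None:
        salt = os.urandom(16)   # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class PanelistAccount:
    """In-memory stand-in for a panelist record (constructed for this example)."""

    def __init__(self, username, password, now):
        problems = check_policy(password, username)
        if problems:
            raise ValueError("; ".join(problems))
        self.username = username
        self.history = []        # (salt, digest) pairs, oldest first, newest last
        self.changed_at = None
        self._store(password, now)

    def _store(self, password, now):
        self.history.append(hash_password(password))
        self.history = self.history[-HISTORY_DEPTH:]   # keep hashes only, and only the last few
        self.changed_at = now

    def login(self, password):
        salt, digest = self.history[-1]
        return verify_password(password, salt, digest)

    def must_change(self, now):
        """True when the password has expired and the panelist should be sent to the change form."""
        return now - self.changed_at > MAX_AGE

    def change_password(self, old, new, now):
        """Apply the change policy. Returns the reasons for refusal; an empty list means it was changed."""
        if not self.login(old):
            return ["current password is wrong"]
        if now - self.changed_at < MIN_AGE:
            return ["password was changed too recently"]
        problems = check_policy(new, self.username)
        if any(verify_password(new, salt, digest) for salt, digest in self.history):
            problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
        if problems:
            return problems
        self._store(new, now)
        return []
```

Note that the history check works on hashes: each old (salt, digest) pair is re-verified against the candidate, so old passwords never need to be kept in a readable form, and `hmac.compare_digest` is used so that the comparison time does not depend on where the first differing byte is.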

4.    Ensure that the system you are using has been subjected to security testing ("ethical hacking") to detect and fix vulnerabilities such as SQL injection and cross-site scripting (XSS). If you rely on an internally developed system, bring in security expertise to verify it. If you use a commercial panel solution, check that your provider can document that their system is security tested regularly, not just once.

The password policy may obviously make things a bit more complicated for your panelists, but this can be reduced with good "forgot password" functionality. That functionality must not send passwords in plain text: it should e-mail a single-use link carrying a random, time-limited token, and the panelist then chooses a new password on the portal. The page should also respond identically whether or not the address entered belongs to a panelist, so the form cannot be used to find out who is on the panel.
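As an added example of such a "forgot password" flow (written for this post, not code from the original article or from any Confirmit product): the server stores only a SHA-256 fingerprint of each outstanding token, the token is single-use and expires, and the e-mail carries a link rather than a password. The 30-minute lifetime, the `panel.example.com` URL and the `accounts` lookup table are assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta

TOKEN_TTL = timedelta(minutes=30)               # assumed lifetime for this example
RESET_URL = "https://panel.example.com/reset"   # placeholder URL, not a real endpoint


class ResetTokenStore:
    """Outstanding reset tokens, kept only as SHA-256 fingerprints so that a database
    leak does not hand an attacker usable reset links."""

    def __init__(self):
        self._pending = {}   # fingerprint -> (username, expires_at)

    @staticmethod
    def _fingerprint(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, username, now):
        """Create a fresh token for the panelist; the plain token only ever goes into the e-mail."""
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG: not guessable
        self._pending[self._fingerprint(token)] = (username, now + TOKEN_TTL)
        return token

    def redeem(self, token, now):
        """Return the username if the token is valid, otherwise None. A token works at most once."""
        entry = self._pending.pop(self._fingerprint(token), None)   # pop: single use
        if entry is None:
            return None
        username, expires_at = entry
        if now > expires_at:
            return None
        return username


def request_reset(store, accounts, email, now):
    """Handle a 'forgot password' request. Returns (message_to_user, email_body_or_None).
    The message shown on the page is identical whether or not the address is registered,
    so the form cannot be used to enumerate panelists."""
    username = accounts.get(email)   # accounts: e-mail -> username (constructed lookup table)
    email_body = None
    if username is not None:
        token = store.issue(username, now)
        email_body = (f"Hello {username},\n\nTo choose a new password, open this link "
                      f"within {TOKEN_TTL.seconds // 60} minutes:\n{RESET_URL}?token={token}\n")
    return "If that address belongs to a panelist, a reset link has been sent.", email_body
```

When the panelist follows the link, the portal calls `redeem` and, on success, shows the new-password form; the new password then goes through the same policy checks as a normal password change. Because `redeem` removes the fingerprint, a link found later in a mailbox or browser history is worthless.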

The sensitivity of the data that anyone running an online panel handles makes security too important an issue to ignore.