Here’s one update administrators should be aware of, coming soon:
As part of our continuing efforts to keep data security and privacy up to date with current best practices, we’ve reviewed our codebase and functionality against the most recent OWASP Secure Coding Practices Quick Reference Guide:
https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/
Most items in the checklist had already been addressed, but one new feature has just been added to Agilebase: the ability to disable users, and furthermore to automatically disable logins for people who haven’t logged in for a long time.
This covers the OWASP check ‘Implement account auditing and enforce the disabling of unused accounts’.
To start with, the time period is being set quite conservatively. If someone hasn’t logged in for at least a year, the account will be automatically disabled.
However, early next year that timespan will be reduced, to realise the privacy and security benefits of the feature: first to 90 days, then, unless there are any objections, to shorter timespans. It’s possible this could be made configurable per company in the future.
As well as the automatic disabling of unused accounts, it’s now possible for an administrator to easily disable or enable users manually.
In Agilebase’s development homepage, view the list of users to see the status of each person. Editing a user allows the administrator to tick or un-tick the ‘disabled’ checkbox.
This can be a security benefit if, for example, there are part-time contractors who need access from time to time. You can temporarily revoke their access by ticking ‘disabled’, then re-enable them as necessary, without having to go through the process of deleting and setting up users, privileges etc. again.
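To make the two behaviours described above concrete (the automatic disabling of accounts unused for a configurable number of days, and the manual ‘disabled’ toggle an administrator can flip), here is a small added illustration in Python. It is example code written for this post, not Agilebase’s own implementation; the `User` record, the 365- and 90-day thresholds and the sample accounts are all constructed assumptions. Accounts that have never logged in are aged from their creation date, so a forgotten account that was set up but never used is also caught, and disabled accounts are refused at login rather than merely hidden.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed "current time" so the example is deterministic when run offline.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)


@dataclass
class User:
    username: str
    created: datetime
    last_login: Optional[datetime] = None  # None means the account has never logged in
    disabled: bool = False
    disabled_reason: Optional[str] = None


def auto_disable_inactive(users: List[User], now: datetime, max_inactive_days: int = 365) -> List[str]:
    """Disable every enabled account with no login inside the window.

    Returns the usernames disabled on this run, so the job can be audited/logged.
    Already-disabled accounts are skipped, which makes the job safe to re-run.
    """
    cutoff = now - timedelta(days=max_inactive_days)
    newly_disabled = []
    for user in users:
        if user.disabled:
            continue
        # An account that has never logged in is measured from its creation date.
        reference = user.last_login or user.created
        if reference < cutoff:
            user.disabled = True
            user.disabled_reason = f"no login since {reference.date().isoformat()}"
            newly_disabled.append(user.username)
    return newly_disabled


def set_disabled(user: User, disabled: bool, actor: str) -> None:
    """The manual 'disabled' checkbox: record who toggled it and which way."""
    user.disabled = disabled
    state = "disabled" if disabled else "enabled"
    user.disabled_reason = f"manually {state} by {actor}"


def attempt_login(user: User, now: datetime) -> bool:
    """Refuse disabled accounts; on success record the login time the audit relies on."""
    if user.disabled:
        return False
    user.last_login = now
    return True


def sample_users() -> List[User]:
    """Constructed sample accounts covering the interesting cases."""
    return [
        User("alice", created=NOW - timedelta(days=800), last_login=NOW - timedelta(days=10)),
        User("bob", created=NOW - timedelta(days=800), last_login=NOW - timedelta(days=400)),
        User("carol", created=NOW - timedelta(days=2)),                # new, never logged in
        User("dave", created=NOW - timedelta(days=500)),               # old, never logged in
        User("eve", created=NOW - timedelta(days=800), last_login=NOW - timedelta(days=100)),
    ]


if __name__ == "__main__":
    users = sample_users()
    print("disabled at 365 days:", auto_disable_inactive(users, NOW))        # ['bob', 'dave']
    print("disabled at 90 days:", auto_disable_inactive(sample_users(), NOW, 90))  # ['bob', 'dave', 'eve']
```

Running the job with the conservative one-year window disables bob and dave; tightening it to 90 days additionally catches eve, who last logged in 100 days ago. The returned list is what an administrator would want written to an audit log, and the `disabled_reason` field distinguishes an automatic expiry from a deliberate manual toggle.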
If you’ve any feedback or comments, please let us know.