Configuring Compliance Settings
(If your Encyro account is part of an organization, see organizational compliance settings.)
To enable or edit compliance settings, go to your account Settings and click Compliance in the left panel (on a mobile device, scroll down to “Compliance Settings”).
The settings available are:
Require Strong Password
You may turn on the toggle switch next to “Require strong password…” to make sure you are required to use a strong password for your Encyro account.
- If you change this setting from OFF to ON, you will be asked to enter your current password, unless the system already knows your password is strong from a previous time you enabled this setting. If your current password is not a strong password, you will be prompted to change it. Your new password must be a strong password, meaning that it must contain a mix of uppercase and lowercase letters, numbers and symbols.
- If you do not currently have a password (for example, because you signed in with Google or Facebook), you will be asked to create a password for your Encyro account. When this setting is ON, you cannot use your Google (Gmail) or Facebook accounts to log in to Encyro. This is because Encyro cannot check whether your Google or Facebook password is strong, either now or after a change.
Automatic Logout
When you turn on this setting, you will be automatically logged out if you are logged in to Encyro but do not perform any activity on the Encyro website for 15 minutes (i.e., you are inactive for 15 minutes). Automatic logout is required for compliance with most data security standards.
However, if you only access your Encyro account on a limited number of devices and you are certain that each of those devices (your work computer, home computer, laptop, smartphone, any other computers you use at remote sites) is already set to lock its screen if left unattended for 15 minutes or less, then you can use that screen lock to satisfy your compliance requirement. In this case, you may disable automatic logout from your Encyro account.
You may wish to activate screen lock on your devices following these instructions:
- Windows: /blog/how-to-force-windows-10-to-lock-itself-after-inactivity-for-all-users/
- Mac: First set the display to turn off after inactivity and then require password upon wake up.
- Mobile devices (iOS, Android): See /blog/digital-safeguards-for-device-security/ and scroll down (or find “iOS” and then “Android”) – they are under section Device Encryption but describe both the screen lock and encryption together.
When this setting is ON, you cannot use your Google (Gmail) or Facebook accounts to log in to Encyro. This is because Encyro cannot check whether your Google or Facebook accounts are set to log out automatically in case of inactivity (usually, they are not).
Message Access Without Password
You can optionally turn on or off the switch for “Allow others to receive messages from me or my organization without a password.” If you turn this switch ON, you may select a number of days after which the message access links expire. When this is enabled, your recipients can simply click a link in their email to read the secure message you sent them. These links do expire to keep data secure.
Should I allow message access without a password? Data privacy standards require access control to protect data. One way to implement access control is to send a link that can only be accessed using the recipient’s email account. Because regular email messages are not encrypted and you do not want the message access link to be stored without encryption forever, the links expire after a few days. So using message access links without a password can meet compliance requirements.
However, the traditional method to meet access control requirements is to require a password, even though that makes message access harder and may cause some users to simply give up on encrypted email and fall back to regular email.
So whether to allow such access or not is a subjective decision you must make. Our recommendation is this:
- If your contacts are themselves businesses (and subject to compliance), do not allow messages without a password (i.e., do require a password). They will make the extra effort to sign up for an account and benefit from password protection.
- If your recipients are consumers who may not be subject to compliance themselves, then do allow message access without passwords. Your recipients will continue to benefit from secure messages, and the more security-conscious among them will create a password.