Security Update (July 2021)

New Security Features

With so many people working from home during the pandemic, many organizations are looking at the security of the online applications they use. TrialGrid already had a good security profile, but we have improved it with the following new features:

  • Two Factor Authentication
  • Password Policies for Organizations
  • Virus scanning of user file uploads

Two Factor Authentication

TrialGrid now supports two-factor authentication (2FA) using any standard Authentication App. Users can set up 2FA from the user profile dropdown menu:

Setup 2FA Step 1

You can then scan the QR code using your Authenticator App. Note that Google, Apple and many other companies provide authenticator applications for most smartphones; there is no TrialGrid-specific App for this.

Setup 2FA Step 2

Once setup is complete, on login you will be asked for your authentication code:

2FA Login

The TrialGrid system works with authenticator applications but also provides the option for recovery codes which can be used to recover the account if the authenticator application is lost.

Users can also opt out of 2FA if they wish. In future TrialGrid may make the use of 2FA controlled by the user's organization so that organizations can mandate its use.

Password Policies for Organizations

TrialGrid now supports variable password policies for users within an Organization. By default the TrialGrid password policy is set to:

  • must contain at least 9 characters
  • cannot be too similar to username, email address, firstname or lastname
  • cannot appear in a list of common passwords
  • cannot be made up of all numbers

But Organizations may now request that their users have one or more additional requirements chosen from this list:

  • must contain an uppercase letter
  • must contain a lowercase letter
  • must contain a number
  • must contain one of these characters: !@#$%^&*
  • cannot be a password which has been exposed in a data breach
  • previous passwords cannot be re-used. The number of previous passwords to be checked against is configurable by TrialGrid.
  • expiry after a specified number of days

If you would like to change the default password policy for your organization, please contact us.
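
The default and optional rules listed above, written as a checker (an added example, not TrialGrid's own code). The rule names, the 0.7 similarity threshold, the sample lists and the PBKDF2 history hashing are assumptions; password expiry is not covered.

```python
import hashlib, hmac, re
from difflib import SequenceMatcher

# Constructed stand-ins; a real deployment would load full lists.
COMMON_PASSWORDS = {"password1", "qwertyuiop", "letmein123"}
BREACHED_SHA1 = {hashlib.sha1(b"Summer2021!").hexdigest()}

# Optional per-organization rules; the rule names are hypothetical.
OPTIONAL_RULES = {
    "uppercase": (lambda p: re.search(r"[A-Z]", p), "must contain an uppercase letter"),
    "lowercase": (lambda p: re.search(r"[a-z]", p), "must contain a lowercase letter"),
    "number": (lambda p: re.search(r"[0-9]", p), "must contain a number"),
    "special": (lambda p: re.search(r"[!@#$%^&*]", p), "must contain one of these characters: !@#$%^&*"),
    "not_breached": (lambda p: hashlib.sha1(p.encode()).hexdigest() not in BREACHED_SHA1,
                     "cannot be a password which has been exposed in a data breach"),
}

def too_similar(password, attribute, threshold=0.7):
    """Compare against an attribute and its parts; the 0.7 threshold is an assumption."""
    parts = [attribute] + re.split(r"\W+", attribute) if attribute else []
    return any(p and SequenceMatcher(None, password.lower(), p.lower()).ratio() >= threshold
               for p in parts)

def hash_password(password, salt):
    """Salted PBKDF2 so the history never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def validate(password, user, org_rules=(), history=(), history_depth=0):
    """Return the list of violated rules; an empty list means the password is accepted."""
    errors = []
    if len(password) < 9:
        errors.append("must contain at least 9 characters")
    if any(too_similar(password, user.get(k))
           for k in ("username", "email", "firstname", "lastname")):
        errors.append("cannot be too similar to username, email address, firstname or lastname")
    if password.lower() in COMMON_PASSWORDS:
        errors.append("cannot appear in a list of common passwords")
    if password.isdigit():
        errors.append("cannot be made up of all numbers")
    for name in org_rules:
        check, message = OPTIONAL_RULES[name]
        if not check(password):
            errors.append(message)
    # history: (salt, hash) pairs, newest first; depth is the configurable count.
    for salt, digest in list(history)[:history_depth]:
        if hmac.compare_digest(hash_password(password, salt), digest):
            errors.append("previous passwords cannot be re-used")
            break
    return errors
```

Returning every violated rule at once, rather than stopping at the first, lets the user fix the password in one attempt.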

Virus scanning of user file uploads

The TrialGrid system has a number of places where users may upload files. These include:

  • User profile pictures
  • Architect Core configuration spreadsheets
  • Architect Loader Spreadsheets
  • Project related files

TrialGrid now scans these files for malware/viruses and blocks the upload if they are identified as suspicious:

Infected File

Summary

Security is important to TrialGrid. We engage a security consultancy to perform an annual penetration test on the TrialGrid system and action any findings. Our last test was performed in June of 2021. A copy of the test report is available on audit of TrialGrid but the summary of our last report states:

    ...overall security posture of the TrialGrid web application was strong.

We believe these new security features will benefit all our users. Contact us if you have any questions about these features or any other aspect of the TrialGrid System.