Last edited 10/20/2022
Cyber security is a vital part of our digital lives and we at Tentaroo take this very seriously. We have several measures in place to provide security and are going to be adding additional security features in 2022. Please review the existing features and best practices below to protect information for your admins and units, and to learn more about our forthcoming upgrades.
General Best Practices
- Update your browsers and operating systems regularly.
- Use a robust password - longer passphrases are more secure than short, complex passwords.
- Minimum 8 characters, maximum 50 characters.
- Case sensitive.
- Special characters are supported but not required.
- Don’t click on links in suspicious emails.
- Don’t give your Tentaroo admin password to anyone - we will never ask for it.
- Don’t use the same password you use on other systems such as your bank account.
- Review transaction history using the system Audit Log or the group’s Audit Log. This report will show any changes involving money, when they happened, and the account that made the change.
- Use an active email address for every admin account - this is the login ID.
- Admin passwords are encrypted with single way hashes.
- Admin accounts are managed by each council - two or three core staff members should be able to Manage Admin Accounts. Read more.
- If an admin forgets their password, they can use the Forgot Password link on the Login page to reset their password. An active email address as login ID is required for admin accounts.
- Regularly review admin accounts: who has access, and what level of access? Read more.
- Grant the minimum permissions necessary to get the job done. Reach out to us for guidance.
- Create one account per user - no shared admin accounts.
- Calendar a review of admin accounts at least once a year.
- As council staff change positions or leave the council, adjust permissions or delete accounts. Read more.
- Tentaroo Support maintains a System Admin account for each system in case we need to do maintenance.
- When creating accounts for end users, you will set a temporary password that they will be required to change upon login.
- Unit accounts are shared accounts for the unit - discourage use of passwords that are also used in other sensitive systems, such as personal or unit bank accounts or social media.
- Make sure your end users reset their passwords regularly, especially on unit accounts when unit leadership changes.
- If a user requires assistance gaining access to the account, first confirm and/or update email addresses based on other known records such as Akela data, then send a Password Reset Link to those email addresses so the user can reset their own password.
- Only use Change Password if all other attempts to help the user gain access on their own have failed. When you do use this feature, it is a temporary password that the user will be required to change the first time they login.