Guideline account passwords are hashed and stored in a secure database. Industry-standard authentication practices are utilized, including SSL, hashing algorithms, and brute force protections. Single sign-on payroll providers are also integrated with Guideline to offer a streamlined sign-on experience. Participants are encouraged to take advantage of multi-factor authentication options available to them. Multi-factor authentication is enforced for Guideline employee access to sensitive systems.
Granular User Access Control
Guideline gives sponsors control over who can see and who can modify plan and participant information. Guideline operates based on a system of user roles and access permissions. Sponsors can add third-party administrators, even administrators/bookkeepers that may have access to many disparate Guideline plans.
Data is encrypted at rest and in transit. Sensitive data is also encrypted prior to insertion into the database.
Preventing XSS, CSRF, and other malicious data entry
Guideline follows best practices such as CSP headers to defend against malicious XSS and CSRF attacks. Security scans are performed weekly and on a deploy-centric basis. The system tests that user-entered data, and even the form fields themselves, match expected formats and values.
Brute Force Detection
Guideline protects against brute-force password attacks by limiting the number of login attempts from a single source over a predefined period of time. Failed login attempts are logged and visible via our in-house response dashboard. Guideline can also be configured to allow administrators to ban individual IP addresses and address ranges.
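An added example, not Guideline's own code, of the throttling described above: failed attempts from one source IP are counted over a sliding window, each failure is recorded in a form a response dashboard could consume, and an administrator can ban a single address or a CIDR range. The limit of five attempts per 300-second window and the sample addresses are assumed values.

```python
"""Login-attempt throttling with per-source sliding window, failure logging and
admin IP/CIDR bans. Illustrative code only; limits below are assumptions."""
import ipaddress
from collections import deque

MAX_ATTEMPTS = 5       # assumed: failed attempts tolerated per source per window
WINDOW_SECONDS = 300   # assumed: length of the sliding window


class LoginThrottle:
    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self.failures = {}    # source ip -> deque of failure timestamps
        self.banned = []      # administrator-configured ip_network objects
        self.audit_log = []   # records a response dashboard would consume

    def ban(self, cidr):
        """Ban a single address ("203.0.113.7") or a range ("203.0.113.0/24")."""
        self.banned.append(ipaddress.ip_network(cidr, strict=False))

    def is_banned(self, source):
        addr = ipaddress.ip_address(source)
        return any(addr in net for net in self.banned)

    def _recent_failures(self, source, now):
        q = self.failures.setdefault(source, deque())
        while q and now - q[0] > self.window:   # evict entries outside the window
            q.popleft()
        return q

    def allow(self, source, now):
        """Return True if a login attempt from `source` may proceed at time `now`."""
        if self.is_banned(source):
            return False
        return len(self._recent_failures(source, now)) < self.max_attempts

    def record_failure(self, source, now, username):
        """Count a failed login and log it for the dashboard."""
        self._recent_failures(source, now).append(now)
        self.audit_log.append({"ts": now, "source": source,
                               "user": username, "event": "login_failed"})
```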
Addresses OWASP Risks
Guideline includes features that address the Open Web Application Security Project's top ten security risks, a list of the most commonly seen risks in practice. We prevent and test for these risks on an ongoing basis.