Security Criteria

Introduction

Autosky now includes new security features designed to protect user access and mitigate risks related to compromised credentials, weak passwords, and logins from suspicious sources. The goal is to increase the level of protection without compromising user experience, through the adoption of multiple defense layers.

Benefits

  • Strengthened access security to the platform.

  • Prevention of the use of compromised or weak passwords.

  • Blocking of logins originating from suspicious or blacklisted IPs.

  • Significant reduction in the risk of breaches.

  • Ensured smooth user experience, with fast and clear authentications.

This documentation is intended for AutoSky clients and users who need to understand the available security mechanisms in their access environments. The focus is to present features applicable to the Client layer, without detailing administration-only functionalities.

Security Features

Device Validation

Access is only permitted after validating the device being used. Validation can occur through a token sent to the registered email address or via an administrative token provided by support or an authorized partner. After 15 invalid token attempts, the user account is automatically deactivated for security reasons.

Tokens in the Client Settings Tab When device validation is enabled, the administrative token will be available in the Client settings tab. This feature ensures that authorized support can directly provide the code to the user in case of email delivery failures or reception issues.

Validated Devices

  • In the user listing within the Client, security indicators related to authentication are displayed:

    • MFA configured in the Client.

    • MFA enabled by the user.

    • Device validated.

  • Green indicators mean that the feature is active.

  • It is possible to view which devices have already been validated by the user and the validation method adopted.

Force Password Change

A feature is available that requires users to change their password at the next login. The administrator can enable or disable this requirement according to the account’s security needs.

Glossary

  • Device Validation: Extra authentication that confirms access is being made from a trusted device.

  • Token: Temporary code used to validate devices. It can be sent by email or generated by the administrator.

  • Password Rotation: Policy that prevents reuse of the user’s most recent passwords.

  • Weak Password: A password that does not meet minimum complexity requirements (length, varied characters, and no repetition).

  • Password Expiration: Feature that forces a password change after a specific period (default: 60 days).

  • IP/Password Blacklist: List of IPs or passwords blocked due to security risks.

FAQ – Frequently Asked Questions

I didn’t receive the token by email. What should I do?

  • Check if the registered email address is correct.

  • Confirm that the message was not sent to the spam folder.

  • If you still do not receive it, request an administrative token from your administrator or support team

Why was my account blocked after several token attempts?

For security reasons, after 15 invalid attempts the account is automatically deactivated. Contact support for reactivation.

What does the green indicator next to my user mean?

It means that the feature is enabled and active (MFA configured, MFA enabled by the user, or device validated).

Can I reuse old passwords?

No. Autosky does not allow reuse of the last 5 passwords already registered by the user.

My password was rejected. Why?

The system rejects weak or compromised passwords. The password must meet the following criteria:

  • Minimum of 8 characters.

  • Use of uppercase and lowercase letters.

  • Inclusion of numbers and symbols.

  • Cannot contain parts of the user’s name or email address.

  • Cannot be on the compromised password list

I cannot access from my IP. What could have happened?

The network address may be blacklisted for security reasons. Try accessing from another network or request access clearance from the administrator.

What happens if I don’t change my password when requested?

Access will only be granted after creating a new password, as required by AutoSky’s security policy.

PreviousUsersNextCloud Server

Last updated