Best practices for password management in MyAdmin

Geotab continuously strives to evolve and strengthen the security mechanisms and processes in which we operate. We also try our best to do what is right for our clients and help keep their data safe, providing the necessary tools to help our clients manage this. One of the fundamental areas in which steps can be taken to help secure data, is to use best practices for usernames and passwords.

The mantra to “keep passwords unique and complicated” always holds true. However, there are additional steps clients or managers can take in relation to best practices for user accounts for MyGeotab, and other services as well.

Basic Steps to Keeping Data Secure

Routine auditing of all available logins is crucial for businesses. As employees come and go, it is important to keep track of all active accounts, and when particular accounts need to be disabled. Failing to do so results in increased liability and under particular circumstances exposes individuals to potential abuse/tampering of their private data, e.g. in the event of an employee going rogue or the aftermath following employee dismissal.

In addition to this, having team accounts shared between multiple individuals at an organization dissolves clear accountability of what actions individuals perform. Therefore, this practice should be avoided if at all possible.

SAML for MyGeotab

Geotab is currently using Security Assertion Markup Language (SAML) 2.0 in beta. It can be enabled in MyGeotab via the Feature Preview user interface (UI) setting.

SAML allows an organization to streamline access to external services and/or applications such as MyGeotab. Instead of storing passwords in other services, such as MyGeotab, SAML makes it possible for organizations to have their users log into their own system and get access to MyGeotab (and potentially other services).

Using SAML eliminates the need for individuals to utilize multiple passwords for different services, and enables much easier management of accounts by administrators of an organization. Geotab Support can be contacted for assistance in regards to setting up user access via SAML.

As of the September release of MyGeotab, the System Setting of “Allow Reseller Login” is now live. This option allows clients to turn On or Off the ability for their authorized resellers to login to their customer databases for tier 1 troubleshooting purposes. The default setting on all databases when the feature originally went live was Off. As this feature is still relatively new, select legacy databases/clients (those which were created prior to the feature going live) may have this setting toggled to On at the reseller’s request via Geotab Support. Doing this leaves databases matching the state of affairs prior to the feature being implemented.

Going forward, it is the responsibility of a client to manage the aforementioned feature. All new databases created after September 2016 will have this setting automatically set to Off.

Related:

15 Security Recommendations for Building a Telematics Platform Resilient to Cyber Threats
 

Geotab’s Security Policy on PCI Compliance
 

Personal Data Security 101