Starting today and over the next few weeks, Checkbox will be implementing some changes in order to increase the security of your Checkbox Survey account.
New Email and SMS Invitation/Reminder Link Expiration Limit
The first of these updates was released to hosted and on-premises accounts today in version 7.45.0. As of version 7.45.0, all Checkbox Survey links sent through Checkbox email and SMS invitations and reminders will be required to have an expiration date. The expiration will be set to 7 days by default, but survey admins will have the option to increase or decrease the expiration period. Note that increasing the expiration period is a security risk and should be done with caution.
Existing invitations and reminders created prior to the 7.45.0 update will expire automatically on October 31, 2022. On-premises customers will have the option to set their own expiration date for existing invitations and reminders during the patch process.
Over the coming weeks, Checkbox will be implementing several updates in preparation for our rollout of Multi-Factor Authentication. Multi-Factor Authentication, or MFA, which is planned for release by the end of 2021, will be required for hosted accounts and optional for on-premises accounts. Once this feature is released, admin users (System Admins, Survey Admins, Report Admins, Survey Editors, Contact Admins) on accounts with MFA enabled will be required to authenticate their logins on each different device/browser once every 30 days by entering a code that they receive via email. MFA is being added as a security enhancement in order to better protect your data.
Within the next few weeks and in preparation for the MFA rollout, Checkbox will be requiring a valid email address for all admin users (System Admins, Survey Admins, Report Admins, Survey Editors, Contact Admins). Email address will be required when creating a new admin account and existing admin users will be required to update their profile if they do not have an email address on file. Both new and existing admins will need to verify their email address by entering a code sent to them by email before they will be able to log in. Once an email address is verified, it will not need to be verified again as long as the email address is not changed.
We will continue to post updates to this forum as these security enhancements are rolled out. If you have any questions, please feel free to log into your support account and enter a support ticket for our team.