We want our users and our community to feel safe and protected when working on and with our online survey software, which is why we will expound on the essentials you need to know in terms of laws, measures, and security associated with data gathered by LimeSurvey. There are different legislative levels involved in the bigger picture of data security that LimeSurvey is subject to.

Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)

Starting at the organizational level, on which LimeSurvey receives data input from any potential user, data security and privacy have to be ensured by orders of the superior federal state level, i.e., the respective legislation of any of the 16 federal states in Germany. However, these multiple federal state data protection laws have to coexist with regulations on the country level, the Federal Data Protection Act, which was first introduced in 1978. You can read the details of the Federal Data Protection Act here.

Any German organization such as LimeSurvey has to adhere to any data security regulations dictated by the Federal Data Protection Act and the federal state laws. The Federal Data Protection Act is further connected to European regulations.

European Data Protection Directive 95/46/EC

The Data Protection Directive 95/46/EC was adopted by the European Union in 1995 in order to regulate data processing and laws within its member states. It serves to specify and dictate minimal data security requirements that each member state is to incorporate into internal law. In fact, by 1998 all member states had created their own data protection laws according to the European Data Protection Directive, including Germany. You can find out more about the European Data Protection Directive 95/46/EC here.
General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a new data protection regulation drafted by the European Union and will replace the previously existing European Data Protection Directive, as well as the German Federal Data Protection Act, and will, therefore, directly impact German laws on data security, including measures undertaken by LimeSurvey to keep users' data safe.

The GDPR was implemented on 25 May 2018 and aims at strengthening data protection throughout the EU by unifying regulations incorporated into the national law of all member states. Thus, data security policies will converge across countries in the European Union in the future. The goal is to increase data security by standardizing regulations within an established and dynamically cooperating inner-European market. The reason for this radical shift of EU regulations is the growing potential for data abuse that comes with the expanding cloud computing and big data efforts now prevalent among organizations in all areas. You can find out more about the European General Data Protection Regulation here.

In Safe Hands with LimeSurvey

Any data collected and processed by LimeSurvey is done strictly within the legal requirements. We are an Open Source organization that thrives on our great community without forcing or restricting anyone's use of our online survey software. The community can only keep growing safely if data protection is ensured at all times, which is the most valuable user right in the eyes of the LimeSurvey company.

LimeSurvey neither discloses any user data publicly nor transfers any user data to any third party without explicit consent. It has always been this way and will always remain this way. Amen.
- Details
- Category: Security
2FA is a way to add additional security to your account. It is called "two-factor authentication" because two verification methods are used to access your account. The first "factor" is your usual password, which is standard for any account. The second "factor" is a verification code retrieved from a 2FA application, either on your computer or on your mobile device. For more details about 2FA and its importance, please visit the following article.

Setting up the 2FA

To see it at work, please create a free LimeSurvey account, access your LimeSurvey instance, and activate it from your Plugin Manager.

Once enabled, you and your users can activate it from your own personal 2FA settings. To access them, click on the "2-Factor-Settings" menu item located on the top bar and select "2FA-Setting".

On the next page, click on "Register 2FA now". Once done, you will be prompted by a message box with the following steps:

- Select the 2FA authentication method. By default, five different 2FA types are provided: Google Authenticator (default), Authy, YubiKey, Authenticator Plus, Duo, and HDE OTP.
- Scan the QR code with your mobile phone. For a list of application recommendations, check this article.
- Enter the confirmation key displayed in your 2FA application (by default, a six-digit numeric code).
- Once done, click on the button "Create 2FA binding".

To test it, please log out and log in again. Congratulations! You have just enhanced the security of your LimeSurvey instance!

Enforce your 2FA

If you wish to enforce this security measure, go to Plugin Manager and configure the 2FA system at the global level. On the page that loads, go to the last option, enable Force 2FA, and save the changes. In this way, your users will be forced to create a 2FA key after their first login.
If you have the necessary global permission, you can check under the 2FA administration panel which users are using the 2FA system (see the last column).

Deactivate or reset your 2FA

To deactivate 2FA authentication, go to your personal 2FA settings and click on "Unset 2FA". Confirm your action to delete the 2FA token associated with your account. Please note that you will need to re-authenticate if "Force 2FA" is enabled in the plugin settings.

If you can no longer log in to your instance and you wish to reset your 2FA settings, contact your LimeSurvey instance super administrator to delete the 2FA token associated with your account. That way, you will be able to log in to your account again and create a new 2FA token.

Try the plugin and let us know your thoughts. Join our forum discussion topic! We are looking forward to hearing your feedback!

Additional Information

Please note that all token authentication systems that provide time-based hash tokens work with the plugin. For more details about the plugin, please check this wiki page.