Module 3: Addressing Security

Jump into Delighted security with this helpful video.

Prefer to read along?

Click CC to enable captions in YouTube or read the full transcript below.

Welcome back to Delighted’s Admin Certification. This is Module 3: Addressing Security.

Delighted’s security features help ensure the integrity of your research program. While some features are required, like passwords to log into your account, some are optional, like setting up 2-step security. While we strongly recommend setting up these additional measures, you and your team can decide what is needed for your organization.

It’s important to note that security changes only impact an individual user and do not change the security settings of other Delighted users, even if you invited them.

In this module, we’ll cover: accounting for security, signing in, Single-Sign On (or SSO), changing passwords, 2-step security (or 2-factor authentication), and signing out.

We’ve also created a handy guide to share with your users, which includes what they may need to know about security. You can find it in our show notes, under “The Delighted Security Briefing.”

If you’re interested in learning more about the ways that Delighted protects your data through our back-end security, head to the Security & Privacy section of our Help Center to learn more.

Delighted’s self-help security options are found in the Account menu. Let’s take a quick glance before jumping into specifics.

From the Account menu, users can: look up their email address and set up or disable Single Sign On, change passwords, set up 2-step security, and sign out. We’ll focus on each in turn!

It doesn’t get more basic than logging in. That said, there are enhanced security login options to consider—like deploying SSO and locking a user out after multiple login attempts. (So let’s get back to basics for a second.)

To sign in, go to Delighted.com and click Sign in.

Here, you have two options. If team members have set up SSO, they can select their SSO login (either Google or Apple). If they have not set up SSO, they’ll enter their email address and password.

Users will get three password attempts before the system locks them out for an hour, which is never good. What’s more, it will trigger a worrisome “suspicious activity” warning to the account owner's inbox.

If a user forgets their password (which does happen), have them click “Forgot your password?” from the Sign in screen. A password reset email will be sent to their account email address. They can then follow the instructions and click the Reset your password link found in the email.

SSO is short for Single Sign On. SSO allows a single ID and password to authenticate multiple apps and websites with one set of credentials, such as a Google or Apple login.

Why bother with SSO? Two reasons:

One, SSO can make signing in a bit more convenient.

Two, Combining the two credentials provides a double layer of security by layering a trusted security protocol (that is, Google or Apple) on top of Delighted security.

Delighted does not currently support any other SSO providers.

To set up SSO, click the Account menu, choose “Email address,” select “Connect with Google” or “Connect with Apple,” and log into your Google or Apple account. Once authenticated, you’ll be redirected to your Delighted account.

The linked email address will appear above a new Disconnect from Google/Apple button. Additionally, you’ll see a banner letting you know that your Delighted login has been associated with your Google (or Apple) login.

To disconnect from SSO, click Disconnect from Google or Disconnect from Apple on this screen, and that will be the end of it!

Delighted makes updating passwords a snap. The main caveat is that the password must be 10 characters or longer.  It's up to the user to decide on the use of special characters, capitalization, and numbers in a new password.

To change a password: one, open the Account menu. Two, click “Change password.” Three, click inside the first box and enter your current password. Four, enter the new password in the second box. (Watch the blue eye light up! Click the blue eye to reveal the password and avoid typing mistakes.) Five, click Save changes. If you make a mistake, you’ll see an error message (either “Oops, your current password is incorrect” or “Password is too short”). Remember, the minimum password length is 10 characters. When everything checks out, a “Thanks” banner appears and your new password will be live!

You can also change your password from a logged out state by using the Forgot password button on the login page.

2-step security slaps another level of security on your team’s research projects, requiring both a password and a mobile phone to sign in. Also called 2-factor authentication or 2FA, this level of safety may be required by your organization’s security policies. 2-factor authentication makes certain that the person trying to access the account is actually who they say they are (by tying their login to their personal phone number).

Delighted’s 2-step security requires entering a 4-digit code that is sent to a user in a text message.

When a new user accepts an invitation to participate in their projects, they’ll see a suggestion from Delighted to set up 2-step authentication. This is your cue to have them set up 2-step.

To set up 2-step: one, click Account. Two, choose 2-step security. Three, click “Turn on 2-step security.” Four, select your Country Code and enter your mobile phone number. Five, select three security questions and enter answers to each (these will come in handy if you ever lose your phone or have trouble receiving text messages). Six, click “Send verification code.” Seven, check your phone and grab that code, then enter it into the four boxes. If you make a mistake, the boxes will shake—retype your code or click “Didn’t receive a code?” to send a new one.

When finished, users will be told how “Great” they are (which is true of all Delighted users).

To turn off 2-step security, click Account, choose 2-step security again, then click “Turn off 2-step security.” Easy peasy!

If you want to keep 2-step security on but need to update your phone number or security questions, head back to the 2-step security page, then click “Change” next to the current phone number. You’ll walk through the set-up process again with a chance to make edits.

Misplace your phone? Forget your security questions? (Ouch.) 

What happens if a user secures themselves right out of their own account!?

There is a simple remedy: Click “Having trouble?” and then "I lost my phone" on the login screen and a new code will be emailed to you. Users will then be allowed to temporarily log into their accounts. They should immediately turn off 2-step authentication while they await their new phone. If things turn desperate, send Customer Concierge a note and we’ll send out our locksmiths.

We hate to see you go! But when it’s time to log out of your Delighted account, simply head to the Account menu and choose “Sign out.” Come back soon!

Thanks for joining us for another Admin Certification module. We learned about: accounting for security, signing in, SSO, changing passwords, 2-step security, and signing out. We’ll catch you in the next module!