Absolutely, DFdiscover has been designed with security as a key requirement.
- All access to DFdiscover is restricted to users with valid credentials. These credentials include a verified username and password that are assigned and controlled by a secure DFdiscover administrative account. Requirements are set for password complexity, validity period and if users can individually reset their accounts.
- User credentials may optionally require Two-Factor Authentication. This is also controlled by the administrative account.
- Study / database administrators assign roles to user accounts, allowing access to the minimum amount of data and features for the user to fulfill their study role.
- All user-initiated changes to study data are centrally and separately logged with a username and timestamp.
- All communication between any DFdiscover user client application and the DFdiscover server is over a direct, encrypted communication channel. The client can always confirm validity of the server that they are communicating with. Communication uses only the most current TLS protocol versions and industry-standard ciphers.