This page explains the various security features of the Access login system and how you can help keep your account secure.
Choose a strong password that you do not use elsewhere.
Passwords must be at least 8 characters long and sufficiently complex to be labelled at least Acceptable strength by the password strength indicator. Some complex passwords are suggested above the new password box.
Tip: Two or three word phrases are generally stronger than single word passwords especially if one or more of the words is not in the dictionary. Create non-dictionary words by adding digits or punctuation.
Use a password manager
A password manager helps you create and store secure passwords for all your online accounts. Many integrate with your web browser to make filling in password fields easy. Even if you are using a work PC on which you can't install password manager software, you can still use a mobile app on your phone to help you create and remember passwords. Popular password managers include 1Password, LastPass and Dashlane.
Add a backup-email or mobile phone number
By adding a backup-email or mobile phone number to your Sealed Envelope account you will be able to use the self-service password reset feature if you ever forget your password. If you don't, you will need to contact an administrator to reset your password instead.
Look out for account-related emails
We will send you an email notification if any of the following occur:
- The reset password feature is used for your account email address. This will contain instructions on how to reset your password.
- Your password is changed. Only you can change your password, so if you receive this email unexpectedly, you should report it to a trial administrator or Sealed Envelope for investigation.
- Your account details such as name or email address are changed. You can do this on the My account page, or an administrator can make these changes for you. The notification will be sent to both your old and new email addresses (if applicable). If you are not sure why the changes have been made, you should contact a trial administrator.
- Your account has been suspended because too many login attempts have been made. If you receive this email unexpectedly, it may be a sign that someone is trying to break into your account by guessing your password. If you think this may be the case, please contact a trial administrator or Sealed Envelope for investigation.
Check your recent logins
You should check your recent logins on the My account page regularly and report any suspicious activity from unknown locations or web browsers.
About enforced password resets
In the past, it has been generally considered good practice to regularly change passwords, and this has fed through to regulations (such as 21 CFR Part 11) and corporate policies. However, it is increasingly recognised that this practice might be counter-productive, and several influential bodies including NIST and the UK Government now advise against periodic enforced password changes.
Sealed Envelope support enforced password reset intervals at the trial level, but by default this setting will be off. We recommend it is not used unless your trial has to comply with 21 CFR Part 11 or your own corporate policies. Trial administrators should contact Sealed Envelope if they require a password reset interval to be set.