close this to read article
Web applications contain resources that can be accessed by many users. To protect resources from unprotected access over the Internet, VWO provides various security measures. You can configure the security by clicking the gear icon ⚙ on the top right and going to the Account > Security section.
VWO typically provides security in the following ways:
- Login and Access
In VWO, you have the following option to manage the login and access of your account:- Allow VWO team to access your account
Sometimes, the VWO support team may need access to your account temporarily to resolve issues related to your account. Accessing your account settings helps our support members to diagnose and troubleshoot your issue faster and better. If you do not wish to allow access to the VWO support team, uncheck this option. - Expire user's passwords in 90 days
Enabling this option ensures that all the users reset their VWO password at least every 90 days. Passwords older than 90 days automatically expire, and the users cannot log in unless they change it. Users are notified over the mail with a link to reset their password before the existing password expires. - Log users out of VWO after 15 minutes of inactivity
Enabling this option ensures that all users are logged out of VWO after 15 minutes of inactivity. Users have to log in again to continue using the app. - Prevent users from reusing last <> passwords while resetting
Enabling this option allows you to set a numerical limit to restrict users from reusing the previous passwords. - Prevent users from reusing a password that was used in the last <> days while resetting
Enabling this option allows you to set a periodical limit to restrict users from reusing the previous passwords that were used within the specified number of days.
- Allow VWO team to access your account
- Alerts
Set email alerts for account administrators (Admins of the main workspace) to receive notifications for your VWO account-related activities like successful or unsuccessful login attempts and changes made to your VWO account. You can add multiple users to receive alerts on your account activities. - Allow login from specified IP addresses and Locations
With this, you can limit the IP addresses or locations that can access your account. This can be done by providing one or multiple IP addresses in the Allow login if IP address matches the following (add IP addresses separated by new line) field or by specifying one or multiple locations in the Allow login if location matches the following field present in Settings > Accounts > Security section of your VWO account.
To learn how you can do this in your VWO account, refer to Enable Users to Log in to VWO From Specified IP Addresses and Locations.
NOTE: You can use regular expressions to specify IP address patterns. For example, to enable access for all IPs matching the pattern "201.67.99.*", enter the regular expression as "201\.67\.99\..*". To type a range of IP addresses, use regular expressions for IP addresses. To learn how to build a regular expression, refer to How to Build your IP Regular Expression. - Extract/Delete Data For a Specific UUID
VWO saves visitor data against a UUID, which is created and saved on the visitor’s browser cookie. UUIDs are unique IDs that identify your website visitors and are different for each browser. To Access/Delete the data, provide the value in the UUID field present in Settings > Accounts > Security. To locate your UUID, refer to How to Locate your VWO UUID.
NOTE: As soon as your Access/Delete request is received by VWO, the VWO support team will contact you. - Single Sign-on
Single Sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of sign-in credentials. To know more about SSO, refer to Single Sign-on in VWO.