Security
MobiLec has been audited several times by TÜV Rheinland.
In the course of this audit, the certification officer checked the system for security-relevant aspects. The possibility of unauthorised persons gaining access to MobiLec data was also examined. One way to gain such access is to try out possible login data until a valid combination is found that can be used to authenticate in the system as an authorised person. To prevent this, it is important to make the combinations complicated and to limit the number of attempts.
Login name
In order to achieve the most complex login combination possible, the login consists of two keys: the login name and the password. The login name allows the authorised user to keep the login separate from their e-mail address. This prevents someone who knows the company structure from guessing the e-mail address and using it as a key for authentication in the MobiLec system.
Password guidelines
The password guidelines correspond to the current specifications of the certification officer. The following guidelines must be observed when choosing a password.
The password must be at least 8 characters long and fulfil 3 of the following 4 security criteria:
- At least one lower case letter
- At least one upper case letter
- At least one number
- At least one special character
IP blocking
If the MobiLec system recognises a high number of incorrect authentications from the same IP address within a short period of time, an IP block is automatically issued. This means that all subsequent accesses from this IP address are blocked for a longer period of time.
The IP lock is system-wide.
This means that the block applies to all accessible services of the system. As soon as an unauthorised access attempt is detected in one of the services, the entire MobiLec system protects itself and prevents access to all services.
Please note for company access via a single IP address.
The IP lock becomes problematic when many MobiLec users are connected to the Internet via the same IP address. If one user accidentally triggers the lock by entering incorrect login data, all users connected to the Internet via the same IP address will be locked out of the system.
Trigger
An IP block can be triggered by any one of the MobiLec services. The rule for when an IP block is triggered depends on the importance of the service within the MobiLec system.
- Portal: after 5 failed authentication attempts in a period of 15 minutes.
- Mini: after 10 failed authentication attempts in a period of 5 minutes.
Period
The block currently lasts 12 hours, regardless of the service that triggers it.
Reset
To reset the IP lock, please contact MobiLec Support or use the "Unlock IP address" function. By entering the login name and the e-mail address or mobile phone number stored in the MobiLec user administration, you can have an unlock code sent to you. If this unlock code is entered within 10 minutes, the IP lock will be reset.
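The trigger, period and reset rules above can be modelled as per-service failure counters feeding one system-wide block list. The following is an added example, not MobiLec's own code: the class and method names are hypothetical, and it assumes a sliding time window, failures counted per service, and that the Nth failure is the one that triggers the block.

```python
from collections import defaultdict, deque

# Thresholds from the page: service -> (max failures, window in seconds).
RULES = {"portal": (5, 15 * 60), "mini": (10, 5 * 60)}
BLOCK_SECONDS = 12 * 60 * 60  # same duration whichever service triggers


class IpBlocker:
    """Per-service failure counting, one system-wide block list."""

    def __init__(self):
        self._failures = defaultdict(deque)  # (service, ip) -> failure timestamps
        self._blocked_until = {}             # ip -> expiry, shared by all services

    def is_blocked(self, ip, now):
        expiry = self._blocked_until.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            self.reset(ip)                   # block expired: forget old state
            return False
        return True

    def record_failure(self, service, ip, now):
        """Register a failed login; return True if the IP is now blocked."""
        if self.is_blocked(ip, now):
            return True
        limit, window = RULES[service]
        stamps = self._failures[(service, ip)]
        stamps.append(now)
        # Sliding window (assumption): drop failures older than the window.
        while stamps and stamps[0] <= now - window:
            stamps.popleft()
        if len(stamps) >= limit:             # assumption: the Nth failure triggers
            self._blocked_until[ip] = now + BLOCK_SECONDS
            return True
        return False

    def reset(self, ip):
        """Lift the block, e.g. after a valid unlock code or by support."""
        self._blocked_until.pop(ip, None)
        for service in RULES:
            self._failures.pop((service, ip), None)
```

Because the block list is keyed only by IP address, failures from one user behind a shared company address block every other user at that address, which is the situation the note on company access describes.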