TrackerRMS Help

Your one-stop shop for help on TrackerRMS

Back to Topics

Help Topic: Our Security Protocol for Logon


Security Protocol

In order to keep our client's data as safe as possible, we adopt a strict security protocol for Logon.

At the point your details are entered into the Logon page, these are encrypted and passed to our logon handler where they are validated and your logon session is issued a unqiue token.

This token is undecipherable by anything other than Tracker and contains numerous validation and configuration details used to establish your session.

2 critical aspects of this token are mandated:

  • The token was established from the same IP address as the PC/device that is requesting the token be processed on the destination service (the main Tracker application)
  • The token be created in the last few seconds 

If either of these 2 criteria do not match or are expired, the token will be deemed invalid and destroyed.

 

Access Tracker from Public WiFi and Workspaces

To counter the situation where tokens are intercepted (e.g. by sniffers or hackers), the IP Addresses must match between the act of logging in to Tracker (the logon page) and that token being processed by the destination server that will provide access to the main application allocated to your session geopgraphically.

This ensures that even if someone had intercepted your token, this would be rendered useless if not from the exact same location or used within seconds of generation.

Public WiFi or Workspaces sometimes "round robin" IP Addresses to handle multiple sessions or to load balance network traffic and this can sometimes cause issues with logging on where the IP Address used for initial logon is not the same as that when acessing Tracker to process that token.

In these cases, please try and use a service that offers a dedicated or fixed IP or contact the Workspace IT team and see if they can fix the IP Address that you/your team will use.