All users accessing Movere need to be invited by an administrator using a valid, private email address. Public email services such as Outlook.com™, Gmail™ and Yahoo Mail ™ or are not permitted nor are generic user IDs.
No two users can share the same email address, nor can invites to different customer accounts be sent to the same domain suffix. This prevents the same company from being invited more than once into Movere and provides an extra layer of security when it comes to account spoofing. To prevent insecure access, once invited, the user receives an email prompting them to register. The invite itself is valid for 2 days.
Access to Movere is governed by a combination of username, password and access codes. The password is chosen by users upon registration and has a minimum complexity requirement of normal and Upper-case characters, numbers and symbols. Once the user registers, an SMS or voice confirmation is sent to the phone number of that user, which includes a unique 7-digit code. The user has 5 minutes to enter to code before it expires.
Passwords are stored in a hashed format and are cryptographically irreversible. Movere manages role-based access rights via claims. All access to any database containing confidential information is authenticated. There are no clear text logins to any internet accessible systems. Administrative users also have additional capabilities including inviting additional users, granting and revoking access, and managing claims (Read, Write and Edit).