All users accessing Movere need to be invited by an administrator using a valid, private email address. Public email services such as Outlook.com™, Gmail™ and Yahoo Mail ™ are not permitted, nor are generic user IDs.
No two users can share the same email address, nor can invitations to different customer accounts be sent to the same domain suffix. This prevents the same company from being invited more than once into Movere, and provides additional security against account spoofing. To prevent unsecure access, once invited, the user receives an email prompting them to register. The invite itself is valid for three days.
Access to Movere is governed by a combination of username, password, and access codes. The password is chosen by users upon registration and has a minimum complexity requirement of normal and upper-case characters, numbers, and symbols. Once the user registers, an SMS or voice confirmation is sent to the phone number of that user, which includes a unique seven-digit code. The user has five minutes to enter the code before it expires.
Passwords are stored in a hashed format and are cryptographically irreversible. Movere manages role-based access rights via claims. All access to any database containing confidential information is authenticated. There are no clear text logins to any Internet-accessible systems. Administrative users also have additional capabilities including inviting additional users, granting, and revoking access, and managing claims (Read, Write and Edit).