In short, very secure...
We’ve listened carefully to nearly 2 million users of our products that rely on us for security and compliance. The vast majority of them want to find a balance between information security and ease of use when it comes to the information they share outside of their business.
We take security and our obligation to you, our customers, very seriously. You can find out more about our security credentials on our security and availability page.
If you use Workiro with someone external to your team, be they a client or vendor, that isn’t already a Workiro user, they are sent an email notification containing a secure link to access and interact with the information you have sent them, without the need to create a Workiro account.
These secure links:
can only be accessed a few times before expiry *
are set to automatically expire within a short but practical period of time
are hashed and tokenised (obscured)
cannot be brute force engineered
only provide access to a single Workiro thread
If someone attempts to use a link that has expired or already been used on a different browser or device, they can simply request a new secure link. This will be generated only for the appropriate person and emailed to them, assuring them of the reason for doing so.
Unlike information sent by email and similar means, which is usually sent and stored in an unencrypted manner, can be duplicated, and is accessible in perpetuity - information in Workiro is only accessible to unregistered users in a secure point-in-time manner, and only for an individual interaction.
Anyone you work with that is already a Workiro user, will simply be prompted to sign in to their account before they can access the information you have sent them.
* In line with other leading products we set the URL to expire after a small handful of accesses to allow for convenient use across device and browser (for example, receiving the notification on your phone, and choose to deal with it later on a desktop).
Two factor authentication
In the future, we will add additional options for secondary authentication for certain actions and activity within Workiro - please register your votes in the Roadmap area of the app if this is something you are interested in.