Contas desativadas

Sobre contas desativadas

Qualtrics takes the security and use of its product seriously. A equipe de segurança da Qualtrics monitora a atividade da conta com base em vários comportamentos e métricas. If Qualtrics suspects that harm may be caused to the Cloud Service or its users, for example if an account is flagged as potentially compromised or sending suspicious surveys or emails, then the Security team will review your account and disable it if necessary to prevent malicious activity.

This support page covers the account disabling process, why a Qualtrics account may be disabled, the process to recover an account, how to investigate account abuse, and how an organization can improve their account security.

The Account Disabling Process

When your account is disabled by Qualtrics Security, the following happens:

• The account’s password is reset.
• Todas as sessões de logon ativas são encerradas.
• The Qualtrics API token associated with the account is refreshed.
• Attention: Since your API token will be refreshed, any API calls that use this token will no longer work. Você precisará atualizar suas chamadas de API para usar seu novo token.

Additionally, an email is sent to all Brand Administrators listed for the brand, and the affected user. The email will have the subject line “Qualtrics Security Alert”, and it will include actions taken by Qualtrics Security (listed above), the reason the account was disabled, and the username and user ID of the affected user(s). It also links to this support page for more information.

Por que a Qualtrics desativou minha conta?

O Qualtrics Security pode desativar sua conta para evitar atividades maliciosas e proteger os dados da sua conta. An account may be disabled if Qualtrics Security believes any of the following has occurred (this list is non-exhaustive):

• The account has been compromised (i.e., an unauthorized party has gained access to the account, suspects credentials are compromised).
• A conta viola os Termos de serviço ou as políticas de uso aceitáveis da Qualtrics.
• A conta foi usada para distribuir malware, enviar e-mails de phishing ou realizar outras atividades maliciosas.
• Sua organização enviou uma solicitação para desativar a conta.

Recuperando sua conta

Para recuperar sua conta Qualtrics:

1. Redefina a senha da sua conta. A redefinição da senha parece um pouco diferente, dependendo de sua organização usar SSO ou não:
   • Se sua organização não usa SSO (ou seja, você faz login com e-mail e senha), solicite uma redefinição de senha e altere sua senha.
   • Se sua organização usa SSO (ou seja, você faz login por meio de um aplicativo de terceiros, como o Google), fale com sua equipe de TI ou administrador da marca sobre como redefinir sua senha de SSO.
2. Depois de recuperar a senha da sua conta, fale com o Administrador da marca para renomear sua conta.
   Qdica: Se você não souber as informações de contato do administrador da marca, entre em contato com a equipe de TI da sua organização.
3. Agora você pode fazer login na Qualtrics.

Investigating Abuse

Once the account is recovered and re-enabled, a Brand Administrator will be able to log into the account to investigate login events and activity.

Login Events

If your Organization has access to the Security Tab, you can look in the Activity Logs and search by Username to find the login event.

1. Navegue para Admin.
   
2. Select the Security tab.
3. Click Activity Logs.
4. Enter the username you are investigating into the search box.
   Qtip: You can filter down to specific events by clicking on the events dropdown and selecting an event of interest.
   

If your organization does not have access to the Security Tab, as a Brand Administrator, you can log into the account of the impacted user, and check their Recent Logins.

1. Navegue para Admin.
   
2. Selecione a guia Usuários.
3. Search for the Email Address or User ID of the impacted user.
4. Click Login to access their account.
5. Navigate to the Account Settings.
   
6. Click Switch to older version.
7. View the Recent Logins section. Here you can find the IP, location, and date of past logins.
   

Additional Activity

As a Brand Administrator, once you’ve logged into your user’s account, you can look for other activity that may have taken place. A good place to start would be the Home page, where you can view recently visited surveys. Within those recently visited surveys, you can view Distributions, Data & Analysis, and Contacts / Directories to view activity that may have occurred.

Melhoria da segurança da conta

While we cannot provide specific details regarding the source of the compromise, common factors include password reuse across multiple platforms, breaches from third-party services, and phishing attempts. We encourage all customers to implement the safeguards listed below to their accounts:

• Crie uma senha longa e exclusiva para a Qualtrics. Você pode alterar sua senha nas configurações do usuário ou solicitar uma redefinição de senha na página de acesso.
• Brand Administrators should:
  • Advise users not to re-use their old password when going through the password reset workflow.
  • Strengthen the Password Creation rules for your organization, found in the Organization Settings tab.
  • Enable Two Factor Authentication for your organization, found in the Security Tab.
  • Enable SSO for your organization if available.
  • Disable Qualtrics Login if you enable SSO.
  • Ensure that your SSO Configuration is configured in such a way that only legitimate users of your organization can create Qualtrics accounts on your brand. For more information, please see Restricting User Access.
  • Restrict access to Qualtrics accounts on your brand to your network’s IP range by enabling the Allowed IP Addresses permission.
  • Disable user accounts once they are no longer a member of your organization.

Perguntas frequentes