Updating Security Measures in IRIS GST Suite


GSTN and NIC have introduced new security measures by bringing in a 2FA model at sign-up. We introduced MFA earlier, but unlike GSTN/NIC it is optional on IRIS.

To add one more layer to the overall security of your data, we are now introducing a CAPTCHA check when logging in to the IRIS web portal (app.irisgst.com).

Impact of these changes on UI

  • CAPTCHA: Will be implemented on Signup, Login, and Forgot Password pages.
  • Inactive Session: Users will be directed to the login page if there is no activity on the application for 15 mins (applicable only to products, not the UUM page).

Impact for those clients who have done API integration

  • Auth token validity will get reduced to 8 hours (previously it was 24 hours).
  • Rate limiting on Login and Forgot Password.
    – Login: Users will be locked for 15 mins after five consecutive incorrect password attempts.
    – Forgot Password: Users must wait 15 mins before placing the next request after initiating a forgot password request.
  • Users will not be able to sign up using disposable email addresses (e.g., Mailinator). Known disposable email domains have been blocked.
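
For API integrators, an added example (not IRIS code) of a client-side token cache that respects the limits above: it reuses a token until shortly before the 8-hour validity ends and stops calling login for 15 minutes after five rejected attempts. The `login` callable, the `LoginRejected` exception and the 5-minute refresh margin are assumptions; this page does not describe the IRIS API calls themselves.

```python
import time

TOKEN_TTL = 8 * 3600      # auth token validity stated on this page
LOCKOUT = 15 * 60         # lock duration after five consecutive bad passwords
MAX_FAILS = 5             # consecutive incorrect attempts before the lock
REFRESH_MARGIN = 5 * 60   # assumption: renew five minutes before expiry


class LoginRejected(Exception):
    """Raised by the caller-supplied login function on bad credentials."""


class TokenCache:
    def __init__(self, login, clock=time.time):
        self._login = login        # hypothetical callable returning a token string
        self._clock = clock        # injectable so the logic can be tested offline
        self._token = None
        self._issued = 0.0
        self._fails = 0
        self._paused_until = 0.0

    def get(self):
        """Return a usable token, logging in only when really needed."""
        now = self._clock()
        if self._token and now - self._issued < TOKEN_TTL - REFRESH_MARGIN:
            return self._token     # still valid: no login call
        if now < self._paused_until:
            raise RuntimeError("login paused until the 15-minute lock expires")
        try:
            token = self._login()
        except LoginRejected:
            self._fails += 1
            if self._fails >= MAX_FAILS:
                # Account is now locked server-side; further tries are useless.
                self._paused_until = now + LOCKOUT
                self._fails = 0
            raise
        self._token, self._issued, self._fails = token, now, 0
        return token
```

Sharing one `TokenCache` per credential across worker threads or jobs keeps a stale password in a scheduled job from locking the account for everyone.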

Impact for SFTP

No change in SFTP upload and download.

We are adding one more layer to ensure data security.

Disable Concurrent Sessions: We will be making changes to prevent a user from being logged into the system using the same credentials from multiple devices or locations simultaneously. So if a user is logged in on one device or browser and attempts to log in from another device or browser, the system will log the user out from the first session.

For example, if person A has logged in using an ID and person B then logs in to IRIS with the same ID, person A will be logged out.

So if you are using the same ID for multiple users, we request you to create separate IDs for all users.
