There are a few different ways you can control the way your clients can access their data in Content Snare. These vary in complexity for the client.
First, you should understand how requests are sent to clients — with unguessable links.
Unguessable links
One of the main features people love about Content Snare is that clients can simply click a link in their email to get access to the request. This can feel unsettling, but it is much more secure than you might think. After all, Google and many other online services use unguessable links.
An unguessable link is one that uses a long string of characters that would take many years to guess with current computing power. If someone programmed a computer to try random combinations one after another to find one that worked, it would take more than a decade. They would also have to contend with being blocked for trying so often.
The primary concern is if your client forwards the email to someone, or if a malicious actor gets access to your client’s email. In this case, they could also access the request.
It’s important to know that once you close or archive a request, that link is no longer accessible. So if your client completes their request in a week and you close it off, there’s only a short period of time when the link is even accessible.
If you are still concerned about this, there are some additional layers you can add.
Security settings for client access
Easiest: Confidential fields
You can enable the Confidential option when you add a field to your request.
Once your client submits a confidential field, it can never again be viewed by someone using the unguessable link. If they accidentally forward an email to someone, that person could open the request, but they would not be able to see anything that was marked as Confidential.
You get the simplicity of clients being able to get in just by clicking a link, but the added security of others not being able to see certain questions. All you need to do is turn this on, and Content Snare handles the rest by telling the client what to do.
| Note: We recommend using confidential fields sparingly. The user experience is a little more difficult if lots of questions are set as confidential. |
Medium: PIN code
You can also set a PIN code your client needs to enter when opening their request. The system will ask your clients to set their PIN as soon as they open the request:
Once set, the code has to be re-entered every time your client wants to access the request.
Hardest: Create an account
Your client will have to create a Content Snare account if you disable Allow share via link without requiring login.
The default email template is automatically modified, asking your client to create their account. They will have to create a password and log in to Content Snare to access any requests.
The downside is that non-technical clients are often horrible at remembering passwords. It adds friction to the process, which may mean that some people will resist the process of giving you information. In our experience, even a slight increase in friction means delays in getting the information you need.