Overview
When I Work strives to comply with industry standard best practices that ensure your data stays private and secure.
Use the following article as a guide to learn more about the security measures that When I Work has implemented for the web app and mobile apps.
Trust Center
Check out our Trust Center to dive deeper into the measures When I Work has taken to build a secure platform.
Token-based authentication
When I Work uses token-based authentication for the web app and mobile apps. Token-based authentication is a secure verification method that enables users to log in once to the When I Work app and access it for up to 8 days without needing to log back in.
Who is impacted?
- Users of the When I Work web app
- Users of the iOS When I Work Scheduling app on any version before 8.3.1
- Every API consumer that is not using an application key
Token expiration parameters
Web app users are logged out of their accounts every 8 days unless they log out and log back in within 5 days. Mobile app users tokens stay active as long as they continue to use the mobile app.
- Logged in users receive an expiring token when their token is refreshed after 5 days.
- Any users not logged in to the web app are given a new token with an expiration date the next time they log in.
- Five days after receiving the new token, the token is refreshed at log in.
TLS v1.2 compliance
A TLS v1.2 compliant version of your web browser or mobile app is required to connect to When I Work. If your web browser or mobile app is not compliant, you will not be able to connect to When I Work. Use this article to help determine if your method of connection is compliant.
Check out the following articles for more information about TLS v1.2 compliance.