Here at ApproveMe, we constantly strive to better our WordPress e sign product with visible features. But of course many of our best e signature features are the “unsung” hero features that go unnoticed behind the scenes. Security for your signers and digital contracts is of the upmost highest priority of ours.
As of our 1.4.0 WP E Signature release you can now have two layer signer identity authentication. This is the first phase of what will become very powerful security measures for your online documents (we plan on rolling our sms authentication and eventually public records authentication as a premium service).
WP eSignature transforms your WordPress website into a legally binding and court recognized online signature platform. It gives you the power to create, send and collect electronic signatures on your digital contracts, documents, agreements and more using your WordPress website.
In order to protect you (and your signer) we added some extra (optional) security measures, which are outlined below.
I’ll take a minute to detour about a very important security feature that already does exist. While WP eSignature does not require your browser-to-server communication to use an encrypted SSL (or HTTPS) when serving up your legal contracts and collecting electronic signatures from your signers, we do highly recommend you opt in for an SSL certificate. You can easily enable SLL from the super admin users settings page. From there they’ll be able to enable/force SSL on all of your document signing related pages.
Now… back to the new and exciting second layer or two factor signer authentication feature for WP E Sign (keep reading)!
In times past when you send out a digital contract to a signer our platform would generate a signer specific url and send that to your signer via email. If you had two signers on the same agreement each signer would receive their own unique signer specific url/link. The link was essentially a user specific password that grants access to the document.
The trouble here (which isn’t really that big of a deal.. but could be depending on the type of digital contracts or documents that you were sending) is that if another user intercepted that signer specific url they could take ownership of the document and sign it on the other signers behalf.
Because we are security nuts at ApproveMe and we LOVE coming up with ideas and ways to make our document signing application that much more secure we’ve got you covered. As of our 1.4.0 release you can now (while creating a document) also create (as a document sender) an “access code” or a “temporary password” to a document.
What this means is that your signers will be prompted to enter that temporary access code (which you manually create and provide to the signer). After a signer clicks “Review & Sign” from the email invitation and after they manually enter that “Access Code” or “Temporary Password” that you provided to them, they will be prompted to manually create their OWN password. Once they create (and verify their password) then and ONLY then will they receive access to their digital contracts securely.
As the document moves down the e sign chain and it eventually gets closed out if the signer wants to access the document again they will be prompted to enter the password that THEY setup (not you, not ApproveMe, but the one only THEY know!).
This protects you, the document sender, because it is easier to prove signer intent. It protects the signer because if their email account is ever compromised, an online intruder would not be able to receive access to the contracts without the password and there is no email thread connected to the document. It also protects you the sender because the two-layer authentication gets logged in the WordPress audit trail e signature certificate.