The following information provides you with security & safety tips to protect you and your company
when transacting business online using Tech Data’s website, InTouch. Areas covered include;
Tech Data’s InTouch website includes a number of features to help you create and use secure
passwords, but in addition, you should consider some of the following points when creating passwords for
InTouch and other websites in general;
|• Use complex passwords at least 8 characters long.
|• Include both upper and lower case characters,
for example PaSSword.
• Also, include numeric characters (numbers 0 – 9), for example
• For extra security include special characters (* $ - + ! ? , .),
for example Pa$$w0rd!
InTouch only allows you to create a new password providing it includes a minimum of 8
characters, one of which must be numeric to ensure you create a strong password from day one.
|• Never share your password with anyone, not even with your work colleagues because
any fraudulent activity will be logged against your user account, for which you could be liable.
|• Change your passwords frequently, at least every 6 months and its good practice
to have one password per site, rather than use the same one for multiple sites. If your password has been
obtained, cyber thieves will usually attempt to use this in all your online accounts including
social media sites, web shops, forums and email accounts.
• Change default passwords after registering for, or obtaining a new
account as soon as possible, especially if you are not prompted to do so automatically, as with InTouch.
Default passwords are often well known and used in an attempt to access user accounts fraudulently.
|• For more tips on creating complex and strong passwords, read the following article
from Microsoft; http://www.microsoft.com/security/online-privacy/passwords-create.aspx
To help you understand how complex and strong the password you create for InTouch is, we will provide a
visual indication of this as you type in your new password as follows;
Passwords are like underwear,
Don't leave them lying around,
Don't lend them to others, and more importantly....
....change them frequently!
It’s possible you will want to access your InTouch account from outside your usual office and
potentially on an unsecure PC (i.e. a PC which is not your own). If this is something you do to provide
pricing during customer visits, Tech Data suggests you create a second log-in with minimal rights (e.g. view
only access and no ordering rights).
Using your passwords on shared computers e.g. internet cafés and unknown PC’s can be dangerous
as your account information and passwords are at risk from malware, key loggers and other means.
Tech Data advises the Reseller Admin/InTouch Supervisor of customer accounts to regularly manage/clean-up
your InTouch users in your accounts.
Some tips include;
• Ensure you delete all company leavers as soon as they are no longer employed by
This prevents unauthorised ordering against your account by non-employees.
This prevents leavers who move to your competitors from accessing your cost prices which could
provide them with a competitive advantage over you when quoting for the same business.
|• Regularly check the InTouch rights of your current employees; ensure
only authorised purchasers have the correct ordering and drop shipment rights to prevent unauthorised and
|• Create an internal process whereby your InTouch account users are
created against single, individual named company emails.
• Do not allow users to share accounts if possible and do not allow multi-user
accounts to be created e.g. sales, purchasing etc.
This limits the control you have over who has access to your account; users leaving your
employment could still be accessing the account and unauthorised users could have ordering and drop shipment
A new Security feature of InTouch for Reseller Admin/InTouch Supervisors is the option to set automatic
password change requests for users at point of log-in on a three monthly basis, in addition, InTouch will only
accept a password which is deemed ‘strong’ as indicated by the password strength indicator
described above. Therefore, every three months when users log-in they will be asked to change their
password, ensuring good security of their user accounts.
To set-up your InTouch account to request a user’s password to be changed every three months, simply
open the InTouch Admin Tool, click the ‘Password Security’ check box and click the green arrow to
It is also possible to configure InTouch access for your accounts at IP address/range level to further
protect your InTouch account from fraudulent access. Users with Reseller Admin/InTouch Supervisors can
add an IP address/range to your InTouch account restricting InTouch access for ALL users to
that IP address/range only.
To configure your preferred IP Address/Range settings, simply open the InTouch Admin Tool, enter the
relevant IP address/range, select the correct IP type from the drop down menu and click the green arrow to
• InTouch access for ALL users within the Reseller InTouch account is now restricted to
this IP address/range only – access to InTouch outside of this IP address/range will be blocked, so field
based users will not be able to access InTouch on site visits.
• If the user tries to access InTouch from outside the specified IP address/range more than
3 times their user account will be blocked and can only be unblocked by the Reseller Admin/InTouch
• If the company has an internet gateway with changing IP addresses this functionality
should NOT be activated as users will NOT be able to access InTouch AT ALL.
InTouch also offers three levels of security against the active InTouch session (i.e. the period the user
is active within InTouch between point of log-in and point of log-out), low, medium & high. These
security settings offer various levels of protection during the user session to prevent sessions being used by
anyone other than the authorized user.
Each level offers a different number of checks based on IP address, browser and also includes automatic
session timeouts to prevent a user session from being ‘stolen’. Tech Data’s preference
is for ALL users across Europe to use the HIGH Security Level for the best level of InTouch session security
To configure your preferred Session Protection Level, simply open the InTouch Admin Tool, select the
Session Protection Level required from the drop-down menu and click the green arrow to save;
• This changes the Session Protection Level for ALL InTouch users.
To protect both your account and InTouch against malicious attacks from the Internet, Tech Data have
introduced input validation within text fields where you are requested to enter search terms or information
specific to your order e.g. address details.
Firstly, unless otherwise required (such as in email addresses), most special characters cannot be entered
as an input character within text fields, these include characters such as <, >, /, #, +, !, $, %, ^,
&, * etc.
In addition, if we expect the field to only accept a specific character type, for example, a numeric in
telephone number fields, then it will not be possible for you to enter non-numeric characters, this includes
all alphabet characters (A to Z) and all special characters.