Merge pull request #1912 from thomchambers/patch-2

Update Security page content
2026-05-26 08:09:51 -04:00 · 2018-03-01 09:55:55 +00:00
parent aae94c8c80 e899e2e826
commit 70e37a1af5
1 changed files with 13 additions and 2 deletions
--- a/app/templates/views/security.html
+++ b/app/templates/views/security.html
@@ -44,9 +44,20 @@
      <li>protective monitoring to record activity, and raise alerts about any suspicious activity</li>
      <li>using JSON Web Tokens, to avoid sending API keys when your service talks to Notify</li>
    </ul>
-
-    <h2 class="heading-medium">User permissions</h2>
+    
+    <h3 class="heading-small">Protect sensitive information</h3>
+    <p>Some messages include sensitive information like security codes or password reset links.</p>
+    <p>If you’re sending a message with sensitive information, you can choose to hide those details on the Notify dashboard once the message has been sent. This means that only the message recipient will be able to see that information.</p>
+    
+    <h2 class="heading-medium">User permissions and signing in</h2>
    <p>You can set different user permissions in Notify. This lets you control who in your team has access to certain parts of the service.</p>
+    <h3 class="heading-small">Two-factor authentication</h3>
+    <p>To sign in to Notify, you’ll need to enter:</p>
+    <ul class="list list-bullet">
+      <li>your email address and password</li>
+      <li>a text message code that Notify sends to your phone</li>
+    </ul>
+    <p>If receiving text messages at work is a problem for your team, <a href="https://www.notifications.service.gov.uk/">contact us</a> about using an email link instead.</p>

    <h2 class="heading-medium">Information risk management</h2>
    <p>Our approach to information risk management follows National Cyber Security Centre (NCSC) guidance. It assesses:</p>