System Upgrades - New facilities
1st November 2014
The security of clients' systems and their data is really important to us, and we are always looking to ensure that we fully protect client data and that access to systems is secure. The last major worldwide IT security alert was the Heartbleed bug in April of 2014, which affected an estimated 66% of all webservers. We and our partners had all our servers patched within a week of its discovery (see our web announcement of April 2014). We have since heard this was considerably ahead of many other system vendors, so we feel we have a very good track record in this area. However, we want to keep progressing: we have some new facilities we are launching, and we would also like to take this opportunity to remind clients of other available facilities that they may wish to have added to their system.
We are launching a new password facility where we can force (at your direction) more secure use of passwords for your users. One of the problems with user passwords is that unless they are of sufficient length and use mixed case and both letters and numerals, they are not complex enough to deter hacking. The new facility does two things: (a) it provides a visual indicator of password strength (see graphic below), e.g. whether the password has upper and lower case, includes numerals and is of sufficient length; and (b) we can set within the system the strength level you require your user passwords to meet, i.e. if you are OK with your users having ‘weak’ passwords then we can allow that, but if you want to force your users to have ‘strong’ passwords we can enforce that too. It's your choice.
The new Password facility also comes with a special password recovery link. Unlike the standard facility, which sends a user their password by email, this method sends them an encrypted link by email. The user then has a limited time (default 2 hours) in which they can click on the link and renew their password. The advantage of this method is that the actual password is never sent over the email system, and so it is more secure.
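The sketch below is an added example, not our production code: it shows one common way to build a time-limited recovery link of the kind described above. It assumes a random single-use token (stored only as a hash) rather than an encrypted payload, and the class name `ResetLinkStore`, the in-memory store and the URL `https://portal.example/reset` are hypothetical.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 2 * 60 * 60  # default lifetime stated above: 2 hours


class ResetLinkStore:
    """Issues and redeems single-use, expiring password reset links."""

    def __init__(self, base_url, ttl=RESET_TTL_SECONDS):
        self.base_url = base_url
        self.ttl = ttl
        # sha256(token) -> (username, expires_at). Only the hash is kept, so a
        # leaked copy of this table cannot be replayed as a working link.
        self._pending = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, username, now=None):
        """Return the link to email; the password itself is never sent."""
        now = time.time() if now is None else now
        # A new request invalidates any earlier outstanding link for the user.
        self._pending = {d: v for d, v in self._pending.items()
                         if v[0] != username}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (username, now + self.ttl)
        return f"{self.base_url}?token={token}"

    def redeem(self, token, now=None):
        """Return the username if the token is valid, otherwise None."""
        now = time.time() if now is None else now
        # pop() makes the token single-use, even if it turns out to be expired.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        username, expires_at = entry
        if now > expires_at:
            return None
        return username


if __name__ == "__main__":
    store = ResetLinkStore("https://portal.example/reset")  # constructed URL
    link = store.issue("alice")
    print(link)
    print(store.redeem(link.split("token=")[1]))
```

On a successful `redeem`, the application would let the named user set a new password; an expired, reused or unknown token gets the same `None` result, so the response does not reveal which case applied.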
As a reminder, we can also offer token-based password access where passwords are never sent by email. We can also set your admin/employers portal so that it will only be available to particular IP ranges that you use. If your internal computer network is restricted to certain IP values or a range, we can ensure access will only be available to users whose connections come from that IP range.
We can also restrict access by country, which is very useful should you find your organisation’s website is one that suffers from DoS attacks from certain countries. We can also use SSL certificates (note: only available on some servers) and encoding. With the exception of SSL, all these facilities are available free of any recurring charge (though some configurations may require work to implement, such as upgrades, for which we would expect to charge a one-off fee). Please also note that changing the Password method within your system will require all users to be notified and have their passwords reset.
Important Notice - Disclaimer
The contents of these pages do not constitute any legal or professional advice given to either clients, customers, partners or resellers. Nor do we warrant that the facilities outlined will be either suitable or compatible with your configuration without us being fully consulted. You are also advised that facilities may be amended, augmented or even removed without prior notice. Some of the items contained have already been launched to some clients, partners and resellers.