We are in the midst of rolling out several security enhancements and one you may already have noticed is the change to the password reset process.
New Password Reset Process
- A user clicks the Forgot password link on the login page.
- An email is sent with an activation/authentication link.
- The user clicks the link and is prompted to answer his or her security question which was set up during the first login / account activation. If you have not already been prompted to set this, you will in the near future.
- Once answered the user can change his or her password.
Administrators can no longer manually set/choose a user’s password. They can only send a reset link.
Additionally new users will have to activate their accounts by clicking on an activation link they receive in a welcome email. Administrators can resend the link if they do not receive it for some reason.
On the horizon we will also be requiring activation links to be sent/requested if you are using the app for the first time at a new ip address/location. This is to prevent people from accessing your account if for some reason your password is breached (and they would have to have breached your email account to do that as outlined above) or your laptop is stolen while still logged in.
We know that these measures make the app a little bit more cumbersome to use when logging in for the first time. Unfortunately they are necessary in the never ending battle against those that would profit by breaking into business accounts at various service providers. Please feel free to contact us if you have any questions.