Friday, May 4, 2012

Software Update: Enhanced Password Privacy

At BuildingLink, we are all about security and accountability, and our customers use our software to help them achieve those very things! Recently, we've made several changes to even further enhance internal security, specifically with regards to password privacy and logins.

Going forward, users or managers will never be able to retrieve or otherwise view any password, including their own, once that password has been changed from the original system-generated password.

This means that when a user fills out the "Forgot Password" page, they will now be emailed a link that they can click on (for up to 24 hours) to reset their password to a new value. Their old password value will not be emailed to them, ever.

This also means that when a manager wishes to help out a resident by "emailing" or "printing out" their login info, a new password will first be automatically generated and only then will the manager have access to the "Email/Print Login Info" screen. ( Exception: If the current login was never changed by the resident from the automatic system-generated value, the "reset" step will be skipped.)

With this change, BuildingLink is following best practices for protecting Password Privacy, while still preserving management's ability to assist users who need to be given login/password info for their account, and still preserving residents' ability to self-recover from a forgotten-password situation.

No comments:

Post a Comment