We recently changed the procedure for sending forgotten passwords to enhance security further.
As you are probably aware, the security of Internet passwords is in the forefront of the news these days. Volgistics includes excellent procedures for protecting account information through the use of security features like those described here. Volgistics, and your data, were never susceptible to the recent Heartbleed security vulnerability because we do not use open source SSL in the code or in any of the third party applications we use.
As part of our commitment to continually update the system to enhance security, we have changed the way forgotten passwords are delivered. When a user forgets her or his password, the system now sets the password to a temporary, random password, which is sent to the user by email. This password must be changed to a permanent password that meets the password strength rules setup for your account when the user signs-in using the temporary password. The following help topics explain more about passwords and how the system handles forgotten passwords:
- Volunteer & Coordinator Passwords (Help topic 1305)
- Forget your password? (Volunteers and Coordinators) (Help topic 1307)
- Forget your password? (System Operators) (Help topic 1306)
Please remember that the human element is often the weakest factor in a security policy so we recommend reviewing your password strength rules, and tightening them if necessary. Our Tip of the Week from June 24, 2013 has more information on this. You can find this tip on the Volgistics blog here.
Please submit an inquiry to the Volgistics Support Team if you need more information, or have any questions.