SearchFit - Ecommerce Platform Live Chat Call Us Today! 888.398.4703

3-month password change requirement

 
Post new topic   Reply to topic    forums.searchfit.com Forum Index -> SearchFit Questions and Suggestions
View previous topic :: View next topic  
Author Message
tschwaar
2


Joined: 11 Nov 2015
Posts: 4

PostPosted: Mon Dec 21, 2015 11:08 am GMT    Post subject: 3-month password change requirement Reply with quote

I was just required to change my password, being told at login that it is required every 3 months. However, none of our other users have ever seen this screen or had to change their password. Is this a new requirement? Can it be turned off? (I didn't see it as a configurable setting under Settings->Users->Edit)
Back to top
View user's profile Send private message Visit poster's website
main@searchfit
Site Admin
Site Admin


Joined: 23 Jan 2003
Posts: 7444
Location: California

PostPosted: Mon Dec 21, 2015 2:47 pm GMT    Post subject: Reply with quote

There will be no way to turn this off, because we are taking security seriously.

The other users will see this screen next time they attempt to login.
_________________
www.searchfit.com
www.searchfit.us.com
Back to top
View user's profile Send private message
tschwaar
2


Joined: 11 Nov 2015
Posts: 4

PostPosted: Wed Dec 23, 2015 1:03 pm GMT    Post subject: Reply with quote

OK, I appreciate the concern for security but I have several problems with the implementation:

1. Why can't the requirement to reset password be a setting that can be assigned per user.

2. Why would I, after just resetting my password yesterday, be required to change the password again today?

3. Why isn't the confirmation code sent to MY email address? And why do the address(es) that it could be sent to need to be obfuscated (only showing first and last letters) so I can't tell for sure who it's going to go to?
Back to top
View user's profile Send private message Visit poster's website
main@searchfit
Site Admin
Site Admin


Joined: 23 Jan 2003
Posts: 7444
Location: California

PostPosted: Wed Dec 23, 2015 1:37 pm GMT    Post subject: Reply with quote

1. We don't want anybody else to be in control of that.

2. We issued 2 patches that required password change twice unfortunately. This should not happen anymore.

3. We send confirmation code only to email addresses we have on file within the SF software you own. We don't want to show the full email addresses in case somebody else is trying to get an access. We don't want him to see where exactly we are sending those confirmation codes. You can always edit your user and add your personal email address as comma separated in the "Emails" field. So next time when the system asks for a password change, you can chose to send the code to that email.
_________________
www.searchfit.com
www.searchfit.us.com
Back to top
View user's profile Send private message
ATrubka
2


Joined: 08 Mar 2010
Posts: 279

PostPosted: Tue Jan 05, 2016 8:45 pm GMT    Post subject: Reply with quote

I wonder who designs all that at SearchFit.
Guys, it's time to look around at other high security services, at your competition and do the same or better, not worse.
Back to top
View user's profile Send private message
main@searchfit
Site Admin
Site Admin


Joined: 23 Jan 2003
Posts: 7444
Location: California

PostPosted: Tue Jan 05, 2016 8:55 pm GMT    Post subject: Reply with quote

ATrubka, we are doing it all to better protect all your customer's data.

We have to be changing passwords every 3 months. We will take some extra measures in the coming months.

We had to issue one more time passwords change.

I hope you understand, it is again to protect data.

Also, we had to take some additional measures to advance secure some accounts. If this happens to be one of yours, please contact you SF account rep to get further instructions how to proceed.
_________________
www.searchfit.com
www.searchfit.us.com
Back to top
View user's profile Send private message
ATrubka
2


Joined: 08 Mar 2010
Posts: 279

PostPosted: Tue Jan 05, 2016 9:06 pm GMT    Post subject: Reply with quote

My point is that while security is important, the quality and convenience of the implemented feature is way below current standards.

This level of UI/UX, convenience and quality doesn't make you more competitive nowadays. I hope you'll use my feedback to make your platform better.
Back to top
View user's profile Send private message
main@searchfit
Site Admin
Site Admin


Joined: 23 Jan 2003
Posts: 7444
Location: California

PostPosted: Tue Jan 05, 2016 9:19 pm GMT    Post subject: Reply with quote

Our actions are based on some urgent matters. I apologize you had to change your passwords couple of times already, but this is temporary while we are working on a better solution.
_________________
www.searchfit.com
www.searchfit.us.com
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    forums.searchfit.com Forum Index -> SearchFit Questions and Suggestions All times are GMT - 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum