3-month password change requirement

tschwaar · 2 Joined: 11 Nov 2015 Posts: 4

I was just required to change my password, being told at login that it is required every 3 months. However, none of our other users have ever seen this screen or had to change their password. Is this a new requirement? Can it be turned off? (I didn't see it as a configurable setting under Settings->Users->Edit)

main@searchfit · Posted: Mon Dec 21, 2015 2:47 pm GMT Post subject:

There will be no way to turn this off, because we are taking security seriously.

The other users will see this screen next time they attempt to login.
_________________
www.searchfit.com
www.searchfit.us.com

tschwaar · 2 Joined: 11 Nov 2015 Posts: 4

OK, I appreciate the concern for security but I have several problems with the implementation:

1. Why can't the requirement to reset password be a setting that can be assigned per user.

2. Why would I, after just resetting my password yesterday, be required to change the password again today?

3. Why isn't the confirmation code sent to MY email address? And why do the address(es) that it could be sent to need to be obfuscated (only showing first and last letters) so I can't tell for sure who it's going to go to?

main@searchfit · Posted: Wed Dec 23, 2015 1:37 pm GMT Post subject:

1. We don't want anybody else to be in control of that.

2. We issued 2 patches that required password change twice unfortunately. This should not happen anymore.

3. We send confirmation code only to email addresses we have on file within the SF software you own. We don't want to show the full email addresses in case somebody else is trying to get an access. We don't want him to see where exactly we are sending those confirmation codes. You can always edit your user and add your personal email address as comma separated in the "Emails" field. So next time when the system asks for a password change, you can chose to send the code to that email.
_________________
www.searchfit.com
www.searchfit.us.com

ATrubka · 2 Joined: 08 Mar 2010 Posts: 279

I wonder who designs all that at SearchFit.
Guys, it's time to look around at other high security services, at your competition and do the same or better, not worse.

main@searchfit · Posted: Tue Jan 05, 2016 8:55 pm GMT Post subject:

ATrubka, we are doing it all to better protect all your customer's data.

We have to be changing passwords every 3 months. We will take some extra measures in the coming months.

We had to issue one more time passwords change.

I hope you understand, it is again to protect data.

Also, we had to take some additional measures to advance secure some accounts. If this happens to be one of yours, please contact you SF account rep to get further instructions how to proceed.
_________________
www.searchfit.com
www.searchfit.us.com

ATrubka · 2 Joined: 08 Mar 2010 Posts: 279

My point is that while security is important, the quality and convenience of the implemented feature is way below current standards.

This level of UI/UX, convenience and quality doesn't make you more competitive nowadays. I hope you'll use my feedback to make your platform better.

main@searchfit · Posted: Tue Jan 05, 2016 9:19 pm GMT Post subject:

Our actions are based on some urgent matters. I apologize you had to change your passwords couple of times already, but this is temporary while we are working on a better solution.
_________________
www.searchfit.com
www.searchfit.us.com