{"id":2584,"date":"2020-08-12T07:27:38","date_gmt":"2020-08-12T12:27:38","guid":{"rendered":"https:\/\/www.n-focus.com\/~nfci\/?p=2584"},"modified":"2020-08-12T07:38:10","modified_gmt":"2020-08-12T12:38:10","slug":"platform-change-announcement","status":"publish","type":"post","link":"https:\/\/www.n-focus.com\/~nfci\/index.php\/2020\/08\/12\/platform-change-announcement\/","title":{"rendered":"Platform Change Announcement"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

Updates to the Listcounts Password Policy and Password Recovery Process<\/p>\n

TO<\/strong>: All Listcounts Users
FROM<\/strong>: Information Technology Support
NFocus Consulting, Inc 
support@n-focus.com<\/a> <\/p>\n

<\/p>\n

<\/p>\n

Effective Date<\/strong>: August 14, 2020 <\/p>\n

<\/p>\n

<\/p>\n

Summary<\/h5>\n

Beginning August 14, 2020, the password policy and password recovery process in Listcounts will change to adhere with modern secure password practices. Users could previously recover their passwords within the system which provided the user\u2019s current password back to them. Going forward a user will now be able to request a self-service password reset which will allow the user to choose a new password for the Listcounts system. Verification of the user will be accomplished via a time-limited reset token e-mailed to the address on the user\u2019s account. Recovery of existing passwords or manual manipulation of passwords by administrators will no longer be possible. <\/span><\/p>\n

<\/p>\n

<\/p>\n

Additionally, all users are encouraged to change their passwords on the ListCounts system before August 28, 2020. At that time, any users which have not changed their passwords between Aug 14 and Aug 28 will be required to change their <\/strong>Listcounts<\/strong> password prior to admittance into the system<\/strong>. In the future, the system will require a password change every 365 days. <\/p>\n

<\/p>\n

<\/p>\n

New passwords must meet complexity requirements. They must be 8 characters minimum, contain 3 of the 4 character categories (upper case, lower case, numbers, and special characters), and they cannot match any of the previous 10 passwords used on the system. <\/p>\n

<\/p>\n

<\/p>\n

Additional Information <\/h5>\n

<\/p>\n

<\/p>\n

During an annual review of the Listcounts platform it was determined that it no longer met password security best practices. Updates to the platform have been made to address these shortcomings including hardening of the user password storage system and restructuring of the password reset mechanism. The following information describes the new workflows for users and administrators. <\/p>\n

<\/p>\n

<\/p>\n

User-initiated reset: Pre-logon <\/h5>\n

<\/p>\n

<\/p>\n

At the user logon screen, the previous link to \u201crecover password\u201d has been changed to \u201creset password.\u201d If a user chooses to reset their password on the Listcounts system, they will be prompted for the e-mail address associated with their user account. Entering the e-mail address, solving the CAPTCHA, and clicking the submit button will initiate the password reset process if the e-mail address is correct. The system will send an e-mail message with a one-time use token good for 24 hours which the user may provide on the password reset page to identify themselves to the system. A link in the reset message will provide one-click access to the reset page. <\/p>\n

<\/p>\n

<\/p>\n

On the password reset the page, the user will provide a new password to the system. If the password meets the criteria as previously noted, the system will inform the user their password has been successfully changed and the user will be returned to the login page. The user may provide their login information including their new password to access the Listcounts system. <\/p>\n

<\/p>\n

<\/p>\n

A confirmation message will be sent to the user to notify them of the password change on their account. <\/p>\n

<\/p>\n

<\/p>\n

User-initiated reset: Post-logon <\/h5>\n

<\/p>\n

<\/p>\n

If the user is already logged into the Listcounts system, the user may reset their password from their account screen. In this case the user will be navigated to the password reset screen where they must enter their current password and their desired password. If the new password meets the password requirements, the password is changed and immediately takes effect.  <\/p>\n

<\/p>\n

<\/p>\n

Password resets performed after logon do not generate a reset token or a reset e-mail. Upon successful update of the user\u2019s password, a confirmation message will be sent to the user to notify them of the password change on their account. <\/p>\n

<\/p>\n

<\/p>\n

Admin-initiated reset <\/h5>\n

<\/p>\n

<\/p>\n

Administrators may initiate a password reset on a user account through the administrative interface. On a user\u2019s account page, the password field has been replaced with a button to initiate a password reset. If clicked, the system will generate a one-time token good for 24 hours which will be sent to the e-mail address associated with the user\u2019s account. The user must then complete the password reset process as noted above. Administrators no longer have the ability to directly set a user\u2019s password. <\/p>\n

<\/p>\n

<\/p>\n

User account lockout <\/h5>\n

<\/p>\n

<\/p>\n

If a user\u2019s password is older than 365 days or an administrator has manually expired the user\u2019s password, the user will be notified at login that their password is expired and must be changed. The user will not be admitted to the Listcounts system until such time as their password has been successfully reset. <\/p>\n

<\/p>\n

<\/p>\n

Abandoned Reset Tokens <\/h5>\n

<\/p>\n

<\/p>\n

If a user initiates a reset and does not successfully reset their password, the existing password at the time of the reset remains in place and the user account remains active (the user may login). The system does not change a user\u2019s login status at the time a reset is requested. <\/p>\n

<\/p>\n

<\/p>\n

If a reset request is made and is not acted upon within 24 hours, the reset token will expire, and a new reset request must be initiated to successfully reset the user\u2019s password. <\/p>\n

<\/p>\n

<\/p>\n

Reset tokens are one-time use, linked to the user account requesting the reset, and expire immediately upon redemption.  <\/p>\n

<\/p>\n

<\/p>\n

If a user or an administrator makes an additional reset request while a reset token is active for the user, the active token is immediately invalidated and replaced with a new token good for 24 hours.<\/p>


<\/p>\n

Download as Microsoft Word document: Platform-Change-Announcement-NFocus.docx<\/a><\/p>\n

<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Updates to the Listcounts Password Policy and Password Recovery Process TO: All Listcounts Users FROM: Information Technology Support NFocus Consulting, Inc  support@n-focus.com  Effective Date: August 14, 2020  Summary Beginning August 14, 2020, the password policy and password recovery process in Listcounts will change to adhere with modern secure password practices. Users could previously recover their passwords within the system which provided the user\u2019s current password back to them. Going forward a […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[10,11],"tags":[],"_links":{"self":[{"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/posts\/2584"}],"collection":[{"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/comments?post=2584"}],"version-history":[{"count":12,"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/posts\/2584\/revisions"}],"predecessor-version":[{"id":2605,"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/posts\/2584\/revisions\/2605"}],"wp:attachment":[{"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/media?parent=2584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/categories?post=2584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.n-focus.com\/~nfci\/index.php\/wp-json\/wp\/v2\/tags?post=2584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}