Protecting the privacy of your employees and clients is a top priority for your business. It’s also a top priority for AppointmentPlus! That’s why we’re making a few changes to the user interface that will enhance system security, and make it easier for AppointmentPlus® users to update and protect their login information.
On Saturday, April 16, 2016, we will be rolling out these changes to our application beginning at 10 pm Pacific Daylight time. During this period, the system will be temporarily disabled for approximately three hours. We plan to have the system back online by 1 am Pacific Daylight time on Sunday, April 17, 2016.
So what’s changing? First of all, this update will NOT affect your existing login information. We’re simply making it easier for users to reset their login information and keep it secure.
We’re also adding some new features to the software to equip your business with extra security tools. We’ll cover all the changes to the user interface in this article. But first, let’s review some of the general security improvements you’re going to notice.
Setting temporary passwords in Site Administration
One of the most important changes we’re making is to the process of creating permanent passwords. Administrative users can still add and reset passwords for staff members and customers, but the passwords they create will always be temporary.
If you currently follow a process that requires Site Administration users to create permanent passwords for staff members or customers, the process will need to change. The reason: Going forward, only users will be able to create permanent passwords for themselves.
After the Update
|Who created the password||For whom?||Is the password permanent or temporary?||
Who created the password?
|For whom?||Is the password permanent or temporary?|
|Administrator||Another User||Permanent||Administrator||Another User||Temporary|
|Owner of password||Themselves||Permanent||Owner of password||Themselves||Permanent|
NOTE: This change will also apply to mass uploads of customer data. The passwords will always be set as temporary when uploaded. Users will be prompted to create a new password after logging in with their temporary password.
Browser auto-fill disabled for passwords
To enhance browser security for all users, we will disable auto-fill of the Login and Password fields on all login pages. You will have to manually key in both your Login and Password each time you log in.
Password change now required when updating Login
After the update, any user attempting to change their Login will be required to update their Password at the same time. This can be done when viewing a profile in Site Administration, or by clicking the Account tab at the top of the Customer View interface.
Last five passwords restricted
It will no longer be possible to create new passwords that match one of the five most recently used passwords for any given profile. This restriction applies to administrative and end-user profiles.
Passwords you’ve used prior to the update will not be restricted. The system will start keeping track of your recently used passwords beginning with your next password reset after the update has occurred.
Account-specific password reset
We’re adding a new field to the Site Administration login page that makes it possible to update a password for a specific AppointmentPlus account. If you forget your password and use the same email address across multiple accounts, the system will prompt you to provide an AppointmentPlus account number prior to sending you a password-reset email. The Account Number field will appear after you’ve clicked the “forgot password?” link and entered an email address associated with multiple accounts.
What to do
This system update will not change any existing passwords, nor will it require users to update their passwords. You can keep your current password for as long as you like.
However, if you do not remember your existing password (maybe you’ve been relying on the auto-fill feature), we recommend taking the following steps to make sure you can successfully update your password after the update.
1. Add a valid email address to your profile — Clicking the “forgot password?” link is the most common method used to reset a password. But if your profile doesn’t include a valid email address, the system won’t be able to send you the necessary password-reset email! Having a valid email address in your profile ensures you can reset your password quickly and easily anytime you need to. Helpful hints: Be sure to associate only one email address with your profile, and that the email address does not include extra characters or spaces.
2. Make note of your account number — Administrative users may be prompted to enter their account number when performing a password reset. We recommend storing your account number in a secure location outside of your AppointmentPlus account (in a password manager application, like Passpack account). If you have multiple accounts, it is highly recommended that you save an account number for at least one location within each account.
User interface changes
Site Administration header updates
Now that all users with Site Administration access might need to know their account number, the account number will now be displayed within the header of the Site Administration interface. This change only applies to users who don’t have access to the Settings tab.
The header section will also contain details about your last successful login, including the date, time, and time zone.
New Customer View setting
A new setting will allow administrators to set the “inactivity” duration used to determine when end-users will be automatically logged out. By default, the new preference will be turned off (meaning no automatic logout time is set). You can enable the feature within your account settings, and choose your preferred duration:
Administrative User profiles
Since passwords used to add and update administrative user profiles will be temporary, this update will remove the check-box option to set a temporary password.
For profiles that use a single email address across multiple AppointmentPlus accounts, we’re adding the option to specify the account number when you want to change a password. The Account Number field will show after clicking the “forgot password” link from the Site Administration login page and entering an email address associated with more than one AppointmentPlus account. When prompted, simply enter the account number associated with the account for which you need to update your password:
New Password Reset option
We added a new feature that makes it easier for account administrators to trigger a password reset email for other users. If one of your users requests a new password, simply click the “send email” link next to their profile when viewing the list of users in your account. The system will send the user a link to create a new password, as long as their profile includes a valid email address. The new buttons will only show for users with Headquarters or Location Administrator access rights.
Similar to adding and updating passwords for administrative users, passwords will also be temporary when adding and updating end-user profiles. Therefore, this update will remove the check-box option to set a temporary password.
In addition, administrators will be required to enter their own password when updating the login information of end-users. Once a temporary password is set, the end-user will be prompted to enter a new, permanent password after logging in with their temporary password:
End-user Account page
A new “Change Login/Password” button will be added to the Account page within the Customer View. End-users will be required to enter their current password prior to entering a new password.
NOTE: If the end user attempts to update their Login, they will also be required to update their Password at the same time: