We recently announced a change to password standards in Replicon. As of February 1, 2019, any new password created or updated will need a rating of ‘Good’ or better on our complexity scale.
This change will require anyone using a weak password to create a new, complex password.
This document answers the following FAQs about this change, which is being rolled out in three phases:
On February 1, 2019, Replicon will enable the Must Have Strength Rating of at Least Good setting – which is located on the Administration > System and Security > Security Settings page – for all Replicon customers.
Users will continue to be able to log in with their existing passwords via the web and mobile app. However, if a user resets their password on or after this date, their new password will be required to meet the new complexity requirements.
Whenever a user changes a password via the web or mobile app, a message will prompt them to enter a ‘Good’ or better password; they won’t be able to save a password that doesn’t meet that minimum requirement.
If an administrator creates a new user or updates a password for a user, the new password will need to meet the minimum complexity requirement.
They will see a message stating the password must be ‘Good’ or better, and won’t be able to save passwords that don’t meet that requirement.
We recommend that administrators advise users to change their passwords before February 28, 2019, when the Phase 2 ‘force change’ setting will be enabled.
This new requirement applies wherever passwords can be created – even if you’re creating a user via the Replicon Import Add-in (RIA), or via a web service integration. Those tools may not require a complex password when you create or update a user, so you’ll need to test passwords using the web app to ensure they’re valid before adding them via RIA or a web service integration.
No. CloudClock users will not be impacted by this change and can continue to punch in and out as usual.
A password’s complexity is based on several factors, including:
When users create new passwords, tips for making passwords more complex display under the New Password field.
On February 28, 2019, Replicon will enable the Force password change on next login setting for all the users who haven’t yet updated their password.
Replicon users who use a web browser will be prompted to change their password on their next login. They’ll see a message stating their password must be ‘Good’ or better. If their new password doesn’t meet this requirement, they won’t be able to save their new password or access Replicon.
Those using our mobile app (Android or iOS) will be prompted to change their passwords when they next log in.
Android users will see the below prompts when they start a new login session on the mobile app. They can update their password via the mobile app.
iOS users will see the below prompts when they start a new login session on the mobile app. They can update their password via the mobile app.
CloudClock users will not be impacted and can continue to punch in and out.
Any integrations – whether out of the box integrations, custom integrations developed by Replicon, or custom integrations developed by a third party – will fail to authenticate unless the account they are associated with is using a ‘Good’ or better password.
Therefore, be sure to update the password for the account or accounts your integrations use. See the next few questions for more details.
If you’re using one of Replicon’s out of the box integrations (e.g. QuickBooks Online integration), follow the directions below to update your password before February 28, 2019.
If we developed a custom integration for you, we will reach out to our contacts within your company and work with them to ensure the passwords are updated on the customizations.
Feel free to contact Replicon Support should you have any further queries.
If you’re using the QuickBooks desktop or Microsoft Project integration managers, you’ll need to ensure the Replicon passwords they use are ‘Good’ or better, or your syncs will fail as of February 28.
If you need help in updating the passwords contact Replicon Support for further assistance.
You’ll need to ensure the password for the account you connect with is updated by February 28.
On March 28, 2019, Replicon will disable the account of any user who has not yet updated their password to meet the new complexity rule.
Web and mobile users who are still using weak passwords will no longer be able to access their Replicon account. To regain access, they will need to contact their Replicon administrator, who will have to re-enable their account via their user profile.
If a CloudClock user’s account has been disabled, they will not be able to punch in or out.
If the account belonging to the administrator who set up a clock is disabled, the clock will automatically log out and will be locked and unusable until the account is re-enabled and the clock re-provisioned.
If an integration or customization account still has a weak password, those tools will fail to authenticate. The accounts will need to be re-enabled and their passwords updated before these tools will work.
Feel free to contact Replicon Support via phone, chat, or email should you have further questions or if you need assistance.