How the new Replicon password complexity requirement will impact you

We recently announced a change to password standards in Replicon. As of February 1, 2019, any new password created or updated will need a rating of ‘Good’ or better on our complexity scale.

This change will require anyone using a weak password to create a new, complex password.

This document answers the following FAQs about this change, which is being rolled out in three phases:

Phase 1: February 1, 2019 - Complexity setting enabled

What is changing in Phase 1?

How will this impact Replicon end users?

How will this impact Replicon administrators?

What if we create or update passwords using RIA or a web services integration?

Will this change impact CloudClock users?

What complexity rules do passwords have to meet?

How do we reset passwords?

Phase 2: February 28, 2019 - Users forced to upgrade passwords

What is changing in Phase 2?

How will this impact Replicon web app users?

How will this change impact Replicon Mobile users?

How will this change impact CloudClock users?

How will this change impact our integrations or customizations?

How do we update passwords in an out of the box integration?

What if we’re using a custom integration developed by Replicon?

What if we’re using a Replicon integration manager?

What if we’re using a third-party integration tool?

Phase 3: March 28, 2019 - Accounts with weak passwords disabled

What is changing in Phase 3?

How will this impact Replicon web and mobile users?

How will this impact CloudClock users?

What if we have integrations and customizations?

What if we have more questions?




Phase 1: February 1, 2019 - Complexity setting enabled

What is changing in Phase 1?

On February 1, 2019, Replicon will enable the Must Have Strength Rating of at Least Good setting – which is located on the Administration > System and Security > Security Settings page – for all Replicon customers.

How will this impact Replicon end users?

Users will continue to be able to log in with their existing passwords via the web and mobile app. However, if a user resets their password on or after this date, their new password will be required to meet the new complexity requirements.

Whenever a user changes a password via the web or mobile app, a message will prompt them to enter a ‘Good’ or better password; they won’t be able to save a password that doesn’t meet that minimum requirement.

How will this impact Replicon administrators?

If an administrator creates a new user or updates a password for a user, the new password will need to meet the minimum complexity requirement.

They will see a message stating the password must be ‘Good’ or better, and won’t be able to save passwords that don’t meet that requirement.

We recommend that administrators advise users to change their passwords before February 28, 2019, when the Phase 2 ‘force change’ setting will be enabled.

What if we create or update passwords using RIA or a web services integration?

This new requirement applies wherever passwords can be created – even if you’re creating a user via the Replicon Import Add-in (RIA), or via a web service integration. Those tools may not require a complex password when you create or update a user, so you’ll need to test passwords using the web app to ensure they’re valid before adding them via RIA or a web service integration.

Will this change impact CloudClock users?

No. CloudClock users will not be impacted by this change and can continue to punch in and out as usual.

What complexity rules do passwords have to meet?

A password’s complexity is based on several factors, including:

  • Number of characters (‘Good’ passwords often use 8 or more)
  • Use of numbers or special characters (it helps to include one or more)
  • Use of common passwords or repeating sequences (avoid these)

When users create new passwords, tips for making passwords more complex display under the New Password field.

How do we reset passwords?

Users can reset their own passwords by following these instructions. Administrators can update passwords for users by following these instructions.

back to top




Phase 2: February 28, 2019 - Users forced to upgrade passwords

What is changing in Phase 2?

On February 28, 2019, Replicon will enable the Force password change on next login setting for all the users who haven’t yet updated their password.

How will this impact Replicon web app users?

Replicon users who use a web browser will be prompted to change their password on their next login. They’ll see a message stating their password must be ‘Good’ or better. If their new password doesn’t meet this requirement, they won’t be able to save their new password or access Replicon.

How will this change impact Replicon Mobile users?

Those using our mobile app (Android or iOS) will be prompted to change their passwords when they next log in.

Android users will see the below prompts when they start a new login session on the mobile app. They can update their password via the mobile app.

  

iOS users will see the below prompts when they start a new login session on the mobile app. They can update their password via the mobile app.

  

How will this change impact CloudClock users?

CloudClock users will not be impacted and can continue to punch in and out.

How will this change impact our integrations or customizations?

Any integrations – whether out of the box integrations, custom integrations developed by Replicon, or custom integrations developed by a third party – will fail to authenticate unless the account they are associated with is using a ‘Good’ or better password.

Therefore, be sure to update the password for the account or accounts your integrations use. See the next few questions for more details.

How do we update passwords in an out of the box integration?

If you’re using one of Replicon’s out of the box integrations (e.g. QuickBooks Online integration), follow the directions below to update your password before February 28, 2019.

  1. Ensure you have a password that rates ‘Good’ or better on our complexity scale. You can do this by testing passwords for a new ‘test’ user, or using the password reset option for your account.
  2. Go to Administration > Integrations > Integration Settings.
  3. Click the integration whose password you want to update.

  1. Click Connections.

  1. Click Connect Replicon.

  1. Update the Password field with the new, complex password.

 

  1. Click Link your account.

What if we’re using a custom integration developed by Replicon?

If we developed a custom integration for you, we will reach out to our contacts within your company and work with them to ensure the passwords are updated on the customizations.

Feel free to contact Replicon Support should you have any further queries.

What if we’re using a Replicon integration manager?

If you’re using the QuickBooks desktop or Microsoft Project integration managers, you’ll need to ensure the Replicon passwords they use are ‘Good’ or better, or your syncs will fail as of February 28.

If you need help in updating the passwords contact Replicon Support for further assistance.

What if we’re using a third-party integration tool?

You’ll need to ensure the password for the account you connect with is updated by February 28.

back to top




Phase 3: March 28, 2019 - Accounts with weak passwords disabled

What is changing in Phase 3?

On March 28, 2019, Replicon will disable the account of any user who has not yet updated their password to meet the new complexity rule.

How will this impact Replicon users?

Web and mobile users who are still using weak passwords will no longer be able to access their Replicon account. To regain access, they will need to contact their Replicon administrator, who will have to re-enable their account via their user profile.

How will this impact CloudClock users?

If a CloudClock user’s account has been disabled, they will not be able to punch in or out.

If the account belonging to the administrator who set up a clock is disabled, the clock will automatically log out and will be locked and unusable until the account is re-enabled and the clock re-provisioned.

What if we have integrations and customizations?

If an integration or customization account still has a weak password, those tools will fail to authenticate. The accounts will need to be re-enabled and their passwords updated before these tools will work.

What if we have more questions?

Feel free to contact Replicon Support via phone, chat, or email should you have further questions or if you need assistance.

back to top