Q1 2024 Security Update Details & FAQs

  • Updated

Update Details

As per the email sent in January, all customer accounts will be updated by the end of March.

Steps to complete

  1. All users must have a unique email address associated with their account (workers and dashboard). This can be a personal or business email address.
  2. An authentication email will be sent to these email addresses and everyone will need to verify their email address by clicking the link provided. Only those who've completed this verification will be able to log in once the update is complete.
  3. The security update will log everyone out of the system. Moving forward, users will use their email addresses and existing passwords to log back in. If they can't remember their password, they just need to click on "forgot your password?" and they'll receive a reset link.

New Login Experience

The only change to the user experience that your users will see will be the login screen. It will still have the Assignar logo on it so it should be familiar. See the new login screens below.

New Mobile Login Screen

Screenshot 2024-01-10 at 11.18.02.png

New Web Application Login Screen

Screenshot 2024-01-10 at 11.16.04.png

 

FAQs

When will this update happen?

  • This security update is mission critical and all customer accounts will be updated by the end of April 2024. If you'd like to update earlier, please submit a “Q1 2024 Security Update” ticket. We'll be happy to assist you.
  • You will be assigned a switchover date and time. If you have any concerns about this timeline or issues while working through this change, please open a ticket with our Support team.

What emails will you send my workers in the field? They are sensitive about getting spammed

  • Assignar will only use this email to send email verifications and password reset emails. We will not send any marketing or promotional emails.

What if my users don't have an email address?

  • If the user does not currently have an email address you can offer them an address on your business domain or ask them to sign up for a gmail, icloud, outlook account, or any other free email service provider.  Smartphone users are required to have an email to download our mobile app, so they will likely have one already. 

What will happen if my users do not all have emails on their user profiles when the update happens?

  • They will no longer be able to access Assignar until an email address is added for them through the web application and verified. Leading up to the update, mobile app users will be able to add their own email or your office staff can add it for them through the web application.

What if I have the same email address for both my mobile and dashboard user profiles, but the passwords are different?

  • The system upgrade will pull across only one password on the first user profile it finds. Please attempt one of your two passwords to log in, then the other, or reset your password. 

After the update, will mobile users need to log in every time they need to clock in and clock out? 

  • If the user is not archived and uses the platform at least once every 30 days, they will not need to log in again.
  • As part of this update, mobile users receive a 30 day security session token. This session token is extended by 30 days every time the user interacts with our mobile application. This securely reduces the number of times a user needs to log in. 
  • Note, users may need to log in again after updating their mobile app version.

Will there be minimum password requirements? 

  • Aligning with industry best practices, Assignar's minimum password complexity will require a minimum of 10 characters with at least 1 number and 1 capital character.
  • However, this will not be enforced until a later date, so users can keep and use the same password to log in. Users who update their password to meet the minimum requirements will not be required to do so later.

How often will users need to reset their password?

  • A password reset will be required every 365 days or if a "known breached password" is identified.

Will multifactor and/or two-factor authentication (MFA/2FA) be required?

  • As part of the update, users must verify their email address once by clicking on a secure link to enable their Assignar login. After the initial login, MFA/2FA functionality will be available, but it will be optional.
  • MFA/2FA will only be required if your organization chooses to do so. MFA/2FA options will include SMS (text message), email, or an authenticator app.
  • Two-step authentication can be enabled separately for mobile and dashboard users.

Will users with both a dashboard and worker account need two email addresses?

  • No, with the update you can log in to both your dashboard and worker accounts using the same email and password combination. This will make logins easier since you no longer need to remember different emails or passwords anymore! 

Will our email address become our username?

  • Yes, after the update, your email address will be your username. 

How will this affect Assignar Public API or Zapier integrations? 

  • Those who use our Public API and/or Zapier will need to update how you authenticate. You can learn more about the changes in this article.

 

Questions or Concerns?

Open a “Q1 2024 Security Update” ticket with our Support team. We'll be happy to assist you.

Was this article helpful?

3 out of 15 found this helpful