Q1 2024 Security Update Details & FAQs

  • Updated

Update Details

As per the email sent in January, all customer accounts will be updated by the end of March.

Steps to complete

  1. All users must have a unique email address associated with their account (workers and dashboard). This can be a personal or business email address.
  2. An authentication email will be sent to these email addresses and everyone will need to verify their email address by clicking the link provided. Only those who've completed this verification will be able to log in once the update is complete.
  3. The security update will log everyone out of the system. Moving forward, users will use their email addresses and existing passwords to log back in. If they can't remember their password, they just need to click on "forgot your password?" and they'll receive a reset link.

New Login Experience

The only change to the user experience that your users will see will be the login screen. It will still have the Assignar logo on it so it should be familiar. See the new login screens below.

New Mobile Login Screen

Screenshot 2024-01-10 at 11.18.02.png

New Web Application Login Screen

Screenshot 2024-01-10 at 11.16.04.png

 

FAQs

When will this update happen?

  • This security update is mission critical and all customer accounts will be updated by the end of March 2024. If you'd like to update earlier, please submit a “Q1 2024 Security Update” ticket. We'll be happy to assist you.
  • Otherwise, all accounts will be updated on 1 April 2024. If you have any concerns about this timeline or issues while working through this change, please open a ticket with our Support team.

What emails will you send my workers in the field? They are sensitive about getting spammed

  • Assignar will only use this email to send email verifications and password reset emails. We will not send any marketing or promotional emails.

What if my users don't have an email address?

  • If the user does not currently have an email address you can offer them an address on your business domain or ask them to sign up for a gmail, icloud, outlook account, or any other free email service provider.  Smartphone users are required to have an email to download our mobile app, so they will likely have one already. 

What will happen if my users do not all have emails on their user profiles when the update happens?

  • They will no longer be able to access Assignar until an email address is added for them through the web application and verified. Leading up to the update, mobile app users will be able to add their own email or your office staff can add it for them through the web application.

After the update, will mobile users need to login every time they need to clock in and clock out? 

  • If the user is not archived and uses the platform at least once every 30 days, they will not need to log in again.
  • As part of this update, mobile users receive a 30 day security session token. This session token is extended by 30 days every time the user interacts with our mobile application. This securely reduces the number of times a user needs to log in. 
  • Note, users may need to log in again after updating their mobile app version.

Will there be password requirements? 

  • Assignar will increase the minimum password complexity requirements as part of this security update.
  • Aligning to industry best practices, Assignar's minimum password complexity will be a minimum of 10 characters with at least 1 number and 1 capital character.

How often will users need to reset their password?

  • A password reset will be required every 365 days or if a "known breached password" is identified.

Will multifactor and/or two-factor authentication (MFA/2FA) be required?

  • As part of the update, users must verify their email address once by clicking on a secure link to enable their Assignar login. After the initial login, MFA/2FA functionality will be available, but it will be optional.
  • MFA/2FA will only be required if your organization chooses to do so. MFA/2FA options will include SMS (text message), email, or an authenticator app.
  • Two-step authentication can be enabled separately for mobile and dashboard users.

What if some users have both a dashboard and worker account - will they need two email addresses?

  • No, with the update you can log in to both your dashboard and worker accounts using the same email and password combination. This will make logins easier since you no longer need to remember different emails or passwords anymore! 

Will our email address become our username?

  • Yes, after the update, your email address will be your username. 

How will this affect Assignar Public API or Zapier integrations? 

  • Those who use our Public API and/or Zapier will need to update how you authenticate. You can learn more about the changes in this article.

 

Questions or Concerns?

Open a “Q1 2024 Security Update” ticket with our Support team. We'll be happy to assist you.

Was this article helpful?

1 out of 2 found this helpful