Thank you to all of you who have taken the time to provide feedback on recent events. In line with that feedback, we have made a number of changes to increase security of our systems. The major change is in how customers and partners login and change credentials.
Going forward, in order to change a passphrase and password you will need to go to login.gradwell.com (you can no longer change passphrases or passwords through the Gradwell Control Panel). We have made this change to provide a central place for handling login information and the process forces a password change if it is the first time you login using this method. This process is called Single Sign On (SSO).
If you have not setup a passphrase, the SSO system will force you to set one at the same time as you change your password. If you have a passphrase, you will need to use three characters from the phrase to validate a password change.
Having setup a passphrase, you will need to use three passphrase characters to validate each login you make (unless you tick remember me which will be valid for 30 days on that device).
As temporary measure, we have removed the functionality to change your password and passphrase from the portal; this means that the portal cannot be used as a work around.
When changes are made to account details, the IP ACL or call barring rules in the VoIP CP, an email notification is sent to the master user account.
We have received a lot of comments, most of which have been negative about the requirement to reset credentials every 3 months; we have now removed this requirement.
The portal will use SSO as its login system. When setting a passphrase, we will offer a drop down of three suggested hints and an option for one of your own. This should help make passphrase answers a bit more standardised.
We also plan to use SSO for our partners.
The previous process for password reminders included contacting Gradwell in order to reset passwords; this will no longer be possible and having clicked on the Reset button within the Control panel, the customer will receive an email in order to reset passwords.
You’ve been asking us for passwords with special characters for some time and we are working to that end. We anticipate the use of special character passwords in the following few days.