TWO-FACTOR AUTHENTICATION & INCREASED PASSWORD COMPLEXITY REQUIRMENTS
Important updates happening with security! For more details, please watch our previously recorded webinar on the update today!
What you can look forward to:
- NEW! Options to enable two-factor authentication for administrator and employee level end users
- Addendum to Terms of Service
- Increased password complexity requirements
Does this update affect all users or users within specific modules?
This release is available to for all users. Two-factor authentication released at company level; enterprise level functionality to be released later in our roadmap.
When is this change happening?
This change will be released with our June 14th, 2018 Release
Is there any action required?
- Accounts opting to use two-factor authentication will be required to designate no less than two security admins when activating the feature
- Each account will be required to specify whether opting in or out. All Administrators will be presented with addendum and be required to confirm as read by the 60thday following release if this has not been completed.
- Users with two-factor authentication will be required to install the Google Authenticator app to make use of the feature.
- Users will be forced to update to a new password format by the 30thday following release.
COMPANY LEVEL TWO-FACTOR AUTHENTICATION
Two-factor authentication provides an additional layer of security by using Google’s authenticator app as a second factor for authorization.
‘Security’ administrators created to have access to setup and adjust company two-factor settings, as well as reset employee two-factor as needed. Setup > Administrators > Click into Admin > General Settings
Three options for enabling/declining two-factor authentication use; all users, administrators only or decline feature. Setup > Setup Properties > General > Security
Two-factor setting changes are logged with the system audit log. System > Audit Log
PASSWORD REQUIREMENTS UPDATE
Passwords will be required to include at least one uppercase, one number, and one special character
ADDENDUM TO TERMS OF SERVICE
Additional language added outlining data security, outlining InfinityHR’s position regarding data security and the responsibility of the user to protect confidential data:
“LICENSOR is providing the TFA Functionality on an “AS IS” basis and LICENSOR provides no warranties as to its merchantability or fitness for a particular purpose relating to the Product during the License Period. Further, LICENSEE understands and agrees that LICENSOR and its vendors will have absolutely no liability of any kind for any loss, costs or damages resulting from LICENSEE’S use of the Product during this License Period or thereafter. LICENSOR has hereby informed LICENSEE that TFA Functionality and other information security policy practices should be used to safeguard sensitive information, including PHI as defined by HIPAA. LICENSOR is not responsible for the actions or inactions of LICENSEE, its employees, its agents, and/or other third parties with respect to their use of the system and information security. LICENSEE shall indemnify and hold harmless LICENSOR for any third-party claims related to LICENSEE’s use of the Software. The parties agree to comply fully with HIPAA regulations, to the extent required by law, as set forth in the Business Associate Agreement maintained at www.Infinity-SS.com”