CivicPlus has upgraded its password security requirements to align with Payment Card Industry (PCI) and National Institute of Technology and Standards (NIST) guidelines. Please note that this does not mean all products are completely PCI compliant; please reference the individual product section.
Due to this upgrade, a user can no longer set a password for a different user. Instead, an email prompt will send to the user in order for them to reset their own password. In addition, passwords are no longer emailed to the user when they select Forgot Password; a reset password link sends instead.
The new password requirements state that your password needs to be sufficiently long and unique to be secure and must:
- Not match the 4 most recently used passwords
Contain characters from both of the following categories:
English characters (A through Z)
Base 10 digits (0 through 9)
- Be at least 8 characters and up to 128 characters long
- Not be a password known to be commonly used, expected, or compromised as compared to our CivicPlus password denylist
- Per NIST, passwords will never be required to be reset
- If your Organization prefers PCI or internal standards, please contact CivicPlus Support to require passwords for Users in your Organization to expire after a specified number of days.