In this page | |
|---|---|
|
Password checks used in Vonage Contact Center
Vonage Contact Center (VCC) uses two different password mechanisms to ensure that the data in your VCC account is secure: password policy check and compromised password check.
In this page | |
|---|---|
|
Password policy check
In Configuration (within Account Settings) in the VCC Admin Portal, an admin user can configure the password policy for an account. The policy includes how often users need to update their password and the complexity requirementshow complex the password should be. The number and types of characters that must appear in passwords determine the complexity.
...
Passwords that are easy to guess—such guess — such as password, 1234567890, secret—are secret — are most likely to be compromised. Even words that conform to a complex policy—such policy — such as Pa$$word!! and Password@1—may Password@1 — may be compromised.
If a user tries to set or reset their password to, or tries to log in with, a compromised value, an error appears and the user must change their password.
| Tip |
|---|
If a user’s password is identified as being compromised, they should also change their password for any other sites or applications that use it. |
Password managers
Users should be encouraged to use a password manager for both generating and storing a unique, random, and secure password for use in the VCC Admin Portal and ContactPad.
For more information about logging into VCC Admin Portal and ContactPad, and setting a password, see Logging in to the Vonage Contact Center Admin Portal and Logging in to ContactPad.
Forced password resets
Forcing users to reset their passwords can improve security. One-off password resets after a security incident demonstrate a quick response and build customer trust.
VCC provides two types of forced password resets: user-level password resets available to supervisors and admins, and mass password resets triggered by Vonage.
User-level password resets in User Admin
In cases of security breaches or suspected unauthorized access, supervisor and admin users can reset one or more users' passwords. When a supervisor or admin initiates a password reset for a particular user:
- The user is automatically logged out of out of ContactPad or VCC
- The user receives an email containing instructions for resetting their password. If the user does not receive the email, they can use the Forgot your password link.
- The user's account is blocked. Until they reset their password, the user cannot log in to their account.
Mass password resets from Vonage
To improve security and reduce the risk of data breaches, Vonage can trigger mass password resets for all users who did not update their passwords for a specific amount of time. When a mass password reset is triggered by Vonage:
- Vonage will send an email to each applicable user using the email address associated with their account. The email will contain instructions for resetting their password. (If the user does not receive the email, they can reset their password using the Forgot your password link.)
- Vonage will block applicable users' accounts. Until users reset their passwords, they will not be able to log in to their account.
| Note |
|---|
| To limit disruption caused by a mass password reset, such resets will be performed over multiple days targeting 10–15% of randomly selected users each time. |
Forced password reset email
| Tip | ||
|---|---|---|
| ||
Subject: Reset your password for Vonage Contact Center |
Blocked account message
| Tip | ||
|---|---|---|
| ||
Password reset is required |