HOC 3 Release Notes 18.104.22.168
This week's release includes improvements in HandsOn Connect public site security, improvements in our universal public site template, improvements to the calendar view of invitation-code based opportunities, and performance improvements to saved searches in the /searchresults block. Here are the highlights in this release:
HandsOn Connect's public site has a low threshold for user-defined passwords (6 characters) to make it easy for non-technical folks to enter a password when registering. However, to encourage users to opt for stronger passwords, we've added a password meter that shows the strength of the password they are choosing. This should encourage people to avoid 'weak' passwords if they want greater security for their account information.
We have seen rare instances where 'brute force attacks' have been attempted against HandsOn Connect public sites. To protect sites from these attacks, where a bot tries to log in to an account over and over again, logins are now throttled so that after 12 unsuccessful login attempts, further attempts are blocked for 3 hours.
When a user reaches 6 failed login attempts, the system will let them know when they have only 5 attempts left and provide a countdown from there on: "You have X login attempts left before we have to lock your account for too many failed attempts. If you forgot your password you may want to use the password reset."
After 12 failed attempts the user is notified that "Your account has been locked for 3 hours for too many failed login attempts. This is to protect your account."
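The throttling rule described above, sketched as an added example (not HandsOn Connect's own code). The thresholds and the two quoted messages come from these notes; the class and function names, keying on the lower-cased username, resetting the counter on a successful login or an expired lock, and the generic failure message are assumptions.

```python
from dataclasses import dataclass

MAX_FAILURES = 12            # from the release notes
LOCKOUT_SECONDS = 3 * 3600   # from the release notes: 3 hours
WARN_REMAINING = 5           # countdown starts at 5 attempts left

WARN_MSG = ("You have {n} login attempts left before we have to lock your "
            "account for too many failed attempts. If you forgot your "
            "password you may want to use the password reset.")
LOCKED_MSG = ("Your account has been locked for 3 hours for too many failed "
              "login attempts. This is to protect your account.")
GENERIC_MSG = "Invalid username or password."  # constructed, not from the notes


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginThrottle:
    def __init__(self):
        self._accounts = {}

    def attempt(self, username, password_ok, now):
        """Record one login attempt at time `now`; return (status, message)."""
        st = self._accounts.setdefault(username.lower(), AccountState())
        if now < st.locked_until:
            # Reject before the password result is used, so a correct guess
            # made during the lockout is indistinguishable from a wrong one.
            return "locked", LOCKED_MSG
        if st.locked_until:
            # Assumption: an expired lock gives the account a fresh counter.
            st.failures, st.locked_until = 0, 0.0
        if password_ok:
            st.failures = 0  # assumption: a successful login resets the count
            return "ok", ""
        st.failures += 1
        remaining = MAX_FAILURES - st.failures
        if remaining <= 0:
            st.locked_until = now + LOCKOUT_SECONDS
            return "locked", LOCKED_MSG
        if remaining <= WARN_REMAINING:
            return "failed", WARN_MSG.format(n=remaining)
        return "failed", GENERIC_MSG
```
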
We've fixed a bug in which 'logging in as' a contact from Salesforce with the Volunteer Leader profile did not give you the correct permissions and sharing settings for a Volunteer Leader. You will now see what the leader sees when logging in from the public site.