Oncord Security Update

We have recently improved our already-robust security so you can have the peace of mind of knowing you're safe.

Oncord Security Update: Building a Secure Environment

Two Factor Authentication

We’ve added a new two-stage verification process, similar to what you may have experienced with your bank. If you log in from an unusual location (determined by your IP address) or after 6 failed login attempts, you will be sent a verification code by text message to confirm that the changes about to be made are being made only by you. Verification codes last 15 minutes; once expired, a new code is issued automatically the next time you log in.

Mandatory Password Strength

We’ve also added a ruleset for creating passwords to make them more secure. From now on, passwords:

  • Must be a minimum of 8 characters long
  • Must contain both alphabetical and numerical characters
  • Must not be the same as any of your last 4 passwords
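
The three rules above can be enforced without ever storing old passwords in readable form, because the history check re-hashes the candidate against each stored salt. The sketch below is an added example, not Oncord's code: the function names, the choice of PBKDF2-HMAC-SHA256 and its iteration count are assumptions, since the page does not name the hashing method in use.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8       # rule 1 from the list above
HISTORY_DEPTH = 4    # rule 3 from the list above
ITERATIONS = 100_000 # assumed work factor, chosen for illustration only


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is made when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def matches(password, salt, digest):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def policy_violations(password, history):
    """history is a list of (salt, digest) pairs, oldest first.
    Returns the names of every rule the candidate breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isalpha() for c in password):
        problems.append("no_letter")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    # Only the most recent HISTORY_DEPTH entries count as "last 4 passwords".
    if any(matches(password, s, d) for s, d in history[-HISTORY_DEPTH:]):
        problems.append("reused")
    return problems


def change_password(password, history):
    """Return (violations, new_history); history is unchanged on rejection."""
    problems = policy_violations(password, history)
    if problems:
        return problems, history
    return [], (history + [hash_password(password)])[-HISTORY_DEPTH:]
```
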

How am I Affected?

As a result of adding these extra security features, all administrator accounts will need to refresh their passwords as well as attach a mobile phone number to each account.

  • Administrator accounts must have unique usernames and email accounts attached to them, so it is easier for you to track who has made changes to your website. We strongly encourage users to have individual accounts and advise against using 'shared accounts', as they can increase the risk of sensitive information being exposed to malicious behavior.
  • Password encryption has been upgraded to a new encryption method which makes your passwords much more resistant to password cracking, even if password cracking software is used. We’ve also added a new feature which automatically enables SSL-protected ‘HTTPS’ on any page that has a ‘Password’ field on it.
  • When logged in, a logout button is now visible when viewing a public and editable page.
  • Inactive accounts will be disabled automatically after 90 days for sites that contain e-commerce features and 180 days for sites that don’t.
  • Admins will be required to change their passwords every 365 days.
  • HTTPS is used on all pages when you are logged in with a privileged account, to prevent potential session hijacking via network snooping. Whilst logged in, you will be accessing the site via your domain.

Other Changes

We have also implemented CSRF tokens to prevent CSRF attacks and have upgraded our cryptography software to always generate output that is suitable for cryptographic use.

This extensive list of security updates is being made to keep your website’s sensitive information private, as it should be. We believe that your information should only stay in your hands and will do everything we can to give you the peace of mind that your website is safe.

If you have any feedback about the latest patch, please don’t hesitate to reach out. We know it might be a slight inconvenience for some of you, but it is all in the best interest of your security.
