Get Started Get Started

Oncord Security Update

We have recently improved our already-robust security so you can have the peace of mind of knowing you're safe.

Oncord Security Update

Oncord Security Update: Building a Secure Environment

We have recently improved our already-robust security so you can have the peace of mind of knowing you're safe.

Two Factor Authentication

We’ve added in a new 2 stage verification process which will be similar to what you would have experienced with your bank. If you are logging in from an unusual location (determined by your ip address) or after 6 failed login attempts, you will be alerted with a text message verification code to confirm that the changes that are about to be made are being made only by you. The verification codes last 15 minutes and once expired, will be re-issued automatically next time you log in.

Mandatory Password Strength 

We’ve also added in a ruleset for creating passwords to make them more secure. From now on, passwords:

  • Must be minimum 8 characters long
  • Must contain both alphabetical and numerical characters
  • Not be the same as your last 4 passwords

How am I Affected?

As a result of adding these extra security features, all administrator accounts will need to refresh their passwords as well as attach a mobile phone number to each account.

  • Administrator accounts must have unique usernames and email accounts attached to them so it is easier for you to track who has made changes to your website.We strongly encourage users have individual accounts and advise against using 'shared accounts' as it can increase the risk of the sensitive information being exposed to malicious behavior
  • Password encryption has been upgraded to a new encryption method which makes your passwords much more resistant to password cracking, even if password cracking software is used. We’ve also added a new feature which automatically enables the SSL protected ‘HTTPS’ on any page that has a ‘Password’ field on it.
  • When logged in, a logout button is now visible when viewing a public and editable page
  • Inactive accounts will be disabled automatically after 90 days for sites that contain e-commerce features and 180 days for sites that don’t.
  • Admins will be required to change their passwords every 365 days.
  • HTTPS on all pages when you are logged in with a privileged account to prevent potential session hijackings via network snooping.  Whilst logged in, you will be accessing the site via your domain.

Other Changes

We have also implemented CSRF tokens to prevent CSRF attacks and have upgraded our cryptography software to always generate output that is suitable for cryptographic use.

This extensive list of security updates are being made to keep your website’s sensitive information private, as it should be. We believe that your information should only stay in your hands and will do everything we can to give you the peace of mind that your website is safe.

If you have any feedback about the latest patch, please don’t hesitate to reach out. We know it might be a slight inconvenience for some of you, but it is all in the best interest for your security.

Leave a Comment

First and Last Names
E-mail Address

Subscribe to stay up-to-date with new features and announcements.

Displaying Events has never been easier. Learn about the changes we've made to Events and Dynamic Displays.

A new Oncord Lite plan will be made available from March 1st 2024, alongside changes to Oncord pricing. We're increasing plan limits, eliminating overage fees, and making it easier to manage costs hosting e-mail with Oncord. 

We recently celebrated the launch of a new UK hosting cluster, improving performance for Oncord clients based around the United Kingdom. It's now easier than ever to filter Contacts and other data throughout Oncord thanks to an overhaul of the "Filter by Conditions" system. We've introduced a new Status Page to monitor service status, and deployed plenty of improvements to help Oncord Commerce clients improve how they sell online.

Try a Demo, or Speak With a Consultant

Get Started Get Started