New Feature: Session Timeout Warning for Inactivity

Overview

In the January release, we’re implementing a session timeout warning that informs auditors of inactivity while using the AppZen platform. If an auditor is inactive for 28 minutes, they’ll be prompted that their session is about to expire due to inactivity. This new functionality will help auditors keep track of what they’re currently working on.

Below are some examples of inactivity:

  1. Logging into AppZen and remaining on the same screen without clicking any menu options.
  2. Logging into AppZen and walking away from their desk.
  3. Logging into AppZen and opening another browser tab to work on another task.

The above scenarios will result in an inactive session, prompting auditors with the AppZen login screen.

How does it work?

To improve the user experience, we’ve added a session time-out notification screen after 28 minutes of inactivity. In the final two minutes, there will be a countdown with the message: “Your session is about to expire in…”

Auditors have the option to either click “log out” or “stay signed-in.” Clicking “log out” will end the session and bring the auditor back to the main AppZen login page.

Clicking “stay signed in” will resume the session so that auditors can continue working with fewer disruptions.

For additional awareness, the browser tab will flash a time clock symbol to visually inform the auditor that the current session is about to expire.

If an auditor doesn’t take any action and allows the timer to count down to zero, they’ll be sent back to the AppZen login page. The message “Oops, your session has expired” will appear. Simply click the “okay” button to dismiss the notification and log in to AppZen.

Please Note: Session timeout is not customizable on the front end of the AppZen platform. For example, an admin cannot change the session timeout from 28 minutes to 15 minutes. The default setting is 28 minutes before the session countdown begins.
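
The timing rules above, modeled as a small server-side state machine. This is an added example, not AppZen's code; the class and method names are hypothetical, and it assumes ordinary clicks do not dismiss the countdown, so only “stay signed in” resumes the session.

```python
from dataclasses import dataclass

IDLE_LIMIT_S = 28 * 60   # inactivity before the warning appears (from the page)
COUNTDOWN_S = 2 * 60     # length of the final countdown (from the page)


@dataclass
class IdleSession:
    """Hypothetical model of one auditor session."""
    last_activity: float   # epoch seconds of the last counted action
    ended: bool = False    # set on logout or expiry, never cleared

    def phase(self, now: float) -> str:
        """Return 'active', 'warning' or 'expired' for the given time."""
        idle = now - self.last_activity
        if self.ended or idle >= IDLE_LIMIT_S + COUNTDOWN_S:
            self.ended = True   # expiry is sticky: only a new login helps
            return "expired"
        return "warning" if idle >= IDLE_LIMIT_S else "active"

    def seconds_left(self, now: float) -> int:
        """Seconds until expiry; the countdown shows this once it is <= 120."""
        if self.phase(now) == "expired":
            return 0
        return int(self.last_activity + IDLE_LIMIT_S + COUNTDOWN_S - now)

    def activity(self, now: float) -> None:
        """A click or navigation. Assumption: it counts only while 'active';
        during the countdown the auditor must choose explicitly."""
        if self.phase(now) == "active":
            self.last_activity = now

    def stay_signed_in(self, now: float) -> bool:
        """Resume from the warning; a click arriving after zero is refused."""
        if self.phase(now) == "expired":
            return False
        self.last_activity = now
        return True

    def log_out(self) -> None:
        """End the session immediately."""
        self.ended = True
```

The refusal in `stay_signed_in` is the case worth enforcing on the server: a request that arrives after the countdown has reached zero must not revive the session.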

Enhancements: Notification for Multiple Password Attempts

Overview

Currently, an auditor can reset their password multiple times in a short time interval without confirmation or any notification that the request has been made by the user.

For example, in a 20-minute period, auditors can request their password to be reset multiple times. To improve password security, we’re adding functionality to limit repeated password reset attempts.

How does it work?

In the January release, auditors who request their passwords to be reset multiple times will see a notification that states, “There’s been multiple reset password attempts. Password reset has timed-out. Please try again in 20 minutes.”

If this message appears, auditors must wait 20 minutes before attempting to reset their passwords again.

Enhancements: Confirmation Email After Password Reset

Overview

AppZen has improved the reset password process by sending a confirmation email once a password is reset to finalize the action taken by the user. The confirmation email is part of improving password security and confirming that the user action was successful.

How does it work?

AppZen allows auditors to reset their passwords if there are any problems logging into their accounts. The current workflow is to click on the “forgot password” link on the main login screen. Auditors can put their email address into the required field and click the “send email” button.

An email is sent to the email address specified in the “forgot your password” screen, prompting the user to click the secure link to reset their password. Previously, once the password was reset, there was no confirmation email sent to confirm the change.

In this January release, we’ll send an email confirmation to confirm the password change has taken effect.

Enhancements: Expired Reset Password Link

Overview

As mentioned above, a password reset link is sent to the auditor during the reset password request process. To increase security, we have limited the validity of the password reset link to a 20-minute timeframe.

How does it work?

If the password is not reset within 20 minutes, the auditor will receive a message that states, “The password link has expired. Please try resetting your password again.” If you encounter this message, you did not reset the password in the recommended time. Simply go back to the main AppZen login page to reset your password again.
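
An added sketch (not AppZen's implementation) of the two password reset controls described above: the 20-minute lockout after repeated requests and the 20-minute link lifetime. The threshold of three requests, the token format and all names are assumptions; the page specifies only the 20-minute values.

```python
import hashlib
import hmac
import secrets

WINDOW_S = 20 * 60    # 20 minutes: lockout and link lifetime (from the page)
MAX_REQUESTS = 3      # assumption: the page says only "multiple"
SECRET = b"constructed-demo-key"   # constructed; use a managed secret in practice


def _mac(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


class ResetService:
    """Hypothetical server-side handler for 'forgot password' requests."""

    def __init__(self):
        self.requests = {}       # email -> timestamps of recent requests
        self.locked_until = {}   # email -> time the lockout ends
        self.used = set()        # tokens already redeemed (single use)

    def request_link(self, email: str, now: float):
        """Return a signed token, or None while the address is throttled."""
        if now < self.locked_until.get(email, 0):
            return None
        recent = [t for t in self.requests.get(email, []) if now - t < WINDOW_S]
        if len(recent) >= MAX_REQUESTS:
            self.locked_until[email] = now + WINDOW_S   # start the 20-minute wait
            self.requests[email] = []
            return None
        self.requests[email] = recent + [now]
        payload = f"{email}|{int(now)}|{secrets.token_hex(8)}"
        return f"{payload}|{_mac(payload)}"

    def redeem(self, token: str, now: float) -> str:
        """Return 'ok', 'expired' or 'invalid' for a presented token."""
        try:
            email, issued, nonce, mac = token.rsplit("|", 3)
            issued_at = int(issued)
        except ValueError:
            return "invalid"
        expected = _mac(f"{email}|{issued}|{nonce}")
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return "invalid"     # forged, or the issue time was altered
        if token in self.used:
            return "invalid"     # a link works once
        if now - issued_at >= WINDOW_S:
            return "expired"
        self.used.add(token)
        return "ok"
```

Because the issue time is covered by the MAC, editing the timestamp in a stale link yields "invalid" rather than a fresh 20 minutes.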

Enhancements: Password Character Requirement

Overview

Additionally, we have added password requirements to ensure that your password for AppZen meets the industry standard. Auditors who change their password after logging into AppZen and auditors who have forgotten their password are required to have a more robust password for increased security.

How does it work?

For additional security, every password reset request on either the “Forgot Password” or “Change Password” screen must meet character requirements before AppZen will process and accept the new password in our system. Here is what we require:

  • Minimum of 8 characters
  • Contains at least 1 uppercase letter
  • Contains at least 1 lowercase letter
  • 1 numerical digit
  • 1 special character [[email protected]#$%&+=*^]

Ensure that the requirements are met to strengthen your password and begin accessing AppZen. Click the “reset password” button to complete the reset process.
