NOTE: Changes as of 10/13/2022 Update.
Overview
Maintaining proper password protocols are important. Aeries has developed an automatic password hashing process that will occur each day to ensure that passwords are always hashed and protected. Admin users will be reminded to run the Users with Invalid Passwords report regularly.
User Security Check ↑
When a user logs into a database after the 10/13/2022 update, a LRP (Long Running Process) will run to hash all plain-text passwords in the database from the UGN or PWA accounts, including Admin, Users, Teachers, Parent and Student accounts. This process will be triggered each day by the first user that logs into the database. The system will check to see if any UGN or PWA accounts exist that do not have password hashing applied.
NOTE: Plain-text passwords are not created by Aeries; however, accounts can be imported into SQL with plain-text passwords. This process will ensure that the passwords for such accounts are protected.
During the process, the following will occur:
- All UGN and PWA records will be analyzed to determine if plain-text passwords exist. (Plain-text passwords are identified by UGN.HT = -1 or PWA.HT = -1. ) All plain-text passwords will be hashed during this process and the HT field will be updated. (For UGN, Active Directory/LDAP accounts will be skipped. For example, UTY = 'adadmin', 'aduser', 'adteacher', 'adteachersub)
- All password hashing will occur on a daily basis upon the first login for the day regardless of the user account type logged in.
- The LRP will run anonymously, meaning there will be no email notification when it has completed.
NOTE: Hashing is a process of using an algorithm to turn plain text into unintelligible characters, which increases security.
Users with Invalid Passwords ↑
After the 10/13/2022 update, all admin users will have a red Reminder message at the top of the Home page reminding them to review the Users with Invalid Passwords report on a regular basis. Once the report is run, if there are records that appear on the report that need to be fixed, the reminder message will be suppressed for 30 days. If there are no records appearing on the report (No Information to Print), the reminder message will be suppressed for 90 days. If the report is not run again during this time period, then the reminder message will appear again.
The report can be generated by an Admin from the navigation under View All Reports. If the Alert message is displayed on the Home screen, a link to this report is available. The report can be generated to include Student and Parent Accounts. It is highly recommended to select either Email option for the Report Delivery. Due to the computational intensity of this report, it may take a very long time to run. It is not necessary to keep the report options page open while the report is running.
Selecting to receive an email will notify the user that the report has completed. If Email w/ Link is selected, the email will include a hyperlink with Click here that will take the user to the login page of Aeries. The user will need to login to their account and navigate to Report History to access the report.
The completed report can be found by navigating to Reports > View All Reports > Report History > Print Users with Invalid Passwords. When the report is first generated, the report will display with a status of "Running" and the date and time the report was initiated. Once the report has completed, the Status column will display as completed. The report will only be available to the user that generated it.
NOTE: The Print Users with Invalid Passwords report can take a very long time to run. It is recommended to select the Email delivery option that will notify the user when the report is complete. The page can be closed while the report is running. Closing the page does not cancel the report.
For more information about password requirements, see Aeries Password Requirements documentation.