We wanted to take a moment to let all of our current police, sheriff, and corrections association website clients know about some security measures we are putting in place.
In light of the recent and ongoing attacks against police association oriented websites we have implemented some extra security measures specifically for our UnionActive clients. In the next few days these security settings will be applied to your website. Our goal is to make your website and your membership data as secure as we can. Here is a list of changes that will be applied:
1. All private member data including first name, last name, address, city, state, zip, and phone number will be encrypted in the underlying data of the website. In the unlikely event that someone was able to download or access the raw membership data in the website, or compromise the database directly, they would not be able to read any of the information that would allow someone to identify the personal name, address, or contact information of any officer. The data will be encrypted using one of the most secure encryption algorithms, making it extremely difficult for anyone to decode the information.
2. All member passwords are one-way hash encrypted, making them extremely difficult to decode. The forgot password options have been updated to a format that uses email verification with an encrypted URL to allow users to reset their passwords. We have also installed a password strength meter to help users choose a strong password.
3. All admin passwords will be checked against a password strength algorithm. Any admin account with a weak password will be forced to reset the password on their next login.
4. The database download option in the admin area will be disabled to prevent bulk download of the user data in the event of a compromised admin account. If you need an export of the user data in the future, just contact us directly and we can assist you.
In the event of a unauthorized intrusion, we believe the changes listed above will make it extremely difficult for any personal officer information to be released into the public domain. Along with these changes we continue to monitor our network and improve security whenever possible. We want all of our clients to know we take these security threats very seriously.
None of these changes will affect the functionality of the website. Users can still update their information normally, and admins can still access individual information in the admin area.
If you have any questions about the changes or security of your membership data please let us know. Thank you.