As benefits professionals, we understand how important it is to keep employee data safe and secure. Often, the first line of defense against a security breach starts with the password. This week, we are revealing an enhancement made to bCEnroll's lockout policy to help eliminate the risk of password-guessing attacks. Continue reading for details on this new update!
We updated our lockout policy. In the past, employees could keep attempting their password unlimited times without getting permanently locked out. Now, they can only attempt six times within 30 minutes. For clarification, let's break this down a bit.
The NEW lockout policy:
• Employee fails three times: receives message that they are locked out.
• Employee ignores the lockout message and keeps trying: after three more attempts they are permanently locked out and require admin intervention.
• Employee accepts the lockout message, and after 30 minutes, they are automatically unlocked.
• After three more fails, they are permanently locked out and will need admin intervention.
1) There was a bug where when a Dependent Life plan was set up to use a combined rate it would cause an error. The bug was buried in a specific scenario, but has been cleared so all combined rate or “Family” plans are functioning as expected.
2) Groups that do not have any Qualifying Life Events set up in bCEnroll and utilize the Custom pages function were finding that their Custom Pages could not be edited and seemed to “disappear.” We squashed the Houdini that was causing the pages to hide so both Custom pages and Qualifying Life Event pages can be added and edited without impacting each other.
3) We updated all the locations where an image or a file can be uploaded to allow for an apostrophe in the file name. This was an expanded house-cleaning from the last bug. We checked under a couple of rugs and found it in a couple other places.