24-Nov-2011
Effective
December 14th 2011 we will be updating the way we handle CRM user passwords, for security reasons. In order to achieve a greater level of security, we are going to update some of our Admin Console user interfaces and CRM APIs. Existing customer reports will also be altered during the update.
>Below is a list of user interfaces and APIs impacted by the change:
- BC Admin > Customers > Customers > View customer details: CRM user password will be obfuscated
- BC Admin > Customers > Customers > Edit customer details: CRM user password will be obfuscated; site admin or partner will still be able to update the password
- BC Admin > Reports > Customer Reports > New Customer Report > Step 2 - Select fields: Password field will be removed from the list of available fields, making the password field unavailable in Customer Reports
- BC Admin > Reports > Customer Reports > Saved Customer Reports > View data: Password field will be removed from ALL saved reports; customer sites will be altered
- BC CRM APIs > ContactList_Retrieve, Contact_RetrieveByEmailAddress, Contact_RetrieveByEntityID, Contact_RetrieveByExternalID, Contact_RetrieveByUsernamePassword, Contact_Retrieve, Contact_Retrieve (message name Contact_Retrieve2), Contact_Retrieve (message name Contact_Retrieve3) - Password field will return an empty value.
- BC Admin > Email Marketing > Create campaign - {tag_recipientpassword} will be deprecated and customers will be unable to send the password in email campaigns; when running the campaign, the tag will return an empty value.
>Following the change, Site Admin users will still be able to help customers recover their passwords by using one of the following methods:
- Use "Email Login Details" from Customer Details > Manage Customer Subscriptions screen
- Update login pages to include a "Forgot Password" form which customers can use to retrieve their secure zone passwords