This week's releases:
Global | Core Platform | Additional security on member login
We’ve added two new security features to further verify the identity of employees at certain points when accessing their engagement platform.
Specifically, when a user requests a password reset or email address change via the platform, we will ask them to enter their payroll ID + second factor (such as Date of Birth). This ensures that employees’ accounts are protected in the event of their email account being attacked.
Additionally, we have introduced a new verification process: a service called Pwned Passwords, which runs in the background and triggers an ID verification prompt and password reset if it detects that a user trying to login with a ‘common password’ (i.e. one that appears in the Pwned Passwords service).
This is a comprehensive, global service run by Troy Hunt, a Microsoft ‘Most Valuable Professional’ and the practice is in line with many other companies, including LastPass, Okta and Quidco.
It is also a recommendation of the UK's National Cyber Security Centre, the Information Commissioner's Office and America’s National Institute for Standards & Technology.
UK | SmartPay™ | Salary sacrifice approvals simplified
Employers will have the flexibility to process and do all necessary checks offline and once confident with the approvals to upload them in SmartPay™. This will save time from having to go back and forth between systems.
- First export the list of all pending applications.
- Process them offline.
- Then bulk approve/reject the applications by uploading a single file back to SmartPay™.
The upload will be accessible directly from the SmartPay™ – "Applications" section and will work with the file format and fields as exported from there.
Global | Employee Communications | Hover effect for clickable tiles
We have added some motion (a subtle hover effect – see below) to clickable tiles to create an enhanced user experience.
In future, this effect will be added to all similar elements across the platform.