
Feature Updates 01/19/2023


OnlineGiving.org Control Panel > Users & Donors > New Password Strength Enhanced with "Very Strong" & "Extremely Strong" Visuals

We're pleased to announce that an update is now live for the OnlineGiving.org Control Panel > Users & Donors > New Password strength feature, which now displays "Very Strong" and "Extremely Strong" visuals for new passwords. This update is in addition to the previous updates, which display "weak", "strong" and the estimated offline crack time. The goal of this follow-up update is to let church administrators who are setting new passwords see a "Very Strong" or "Extremely Strong" message, which indicates that the password would qualify to skip the email multi-factor authentication on the control panel login pages.

Preview of Enhanced Password Strength Feature

Why does OnlineGiving.org require church administrators to have a "very strong" (or better) password to bypass the control panel multi-factor authentication?

Excellence in software and service is OnlineGiving.org's goal; part of that is our continual commitment to security. We take protecting church and donor privacy (data) very seriously. The OnlineGiving.org control panel is a very informative and powerful resource for church administrators. With great power comes great responsibility. OnlineGiving.org understands that not all church administrators are IT professionals or security experts. That is why we are proactively increasing our security requirements, which help push church administrators toward better security practices, starting with better passwords.

Why does it matter if my password is not "very strong"? Is a "strong" password not good anymore?

Password strength standards have changed due to years of public company data breaches, which have resulted in a massive number of real passwords being published on the dark web. Typically, when these large companies have data breaches, the attackers obtain a hashed (one-way transformed) version of the user passwords. Attackers then use specialized software to recover ("crack") passwords that are vulnerable due to being weak.

The stronger the password is, the longer it takes for an attacker to crack it. Attackers are typically financially motivated and do not have all the time in the world to wait for passwords to be cracked. When a church administrator uses a "very strong" (or better) password that takes years or more to crack, the chances of an attacker waiting around for that password to be cracked are significantly lower. After all, when an attacker is financially motivated, time is money, and being able to use leaked passwords quickly allows that attacker to be more successful.

Additionally, in today's age of dark web data breaches, brute-force attacks are no longer common for administrative panel logins. Instead, an intelligent attacker uses public website pages to look up a company's staff member information. That attacker can then search the dark web for known passwords for a specific staff member based on their personal or company email address. This gives the attacker a list of known passwords for a specific person that they can try on a control panel login page. As you can see, this attack method doesn't require brute force; it is instead very agile.

OnlineGiving.org protects against these attacks using many different layers of security. Our latest security requirements for church administrators are designed to push better password policies by requiring any church administrator to either use a "very strong" password or complete a multi-factor login. Very strong passwords are by their nature hard to remember, so they typically are not reused and are instead saved in a password manager, which results in better security for everyone.

Need a good password manager? Here are a few that you may want to check out:

 

 
