Get Started

We have recently improved our already-robust security so you can have the peace of mind of knowing you're safe.


Synergy 8 Security Update

Synergy 8 Security Update: Building a Secure Environment

We have recently improved our already-robust security so you can have the peace of mind of knowing you're safe.

Two Factor Authentication

We’ve added in a new 2 stage verification process which will be similar to what you would have experienced with your bank. If you are logging in from an unusual location (determined by your ip address) or after 6 failed login attempts, you will be alerted with a text message verification code to confirm that the changes that are about to be made are being made only by you. The verification codes last 15 minutes and once expired, will be re-issued automatically next time you log in.

Mandatory Password Strength 

We’ve also added in a ruleset for creating passwords to make them more secure. From now on, passwords:

  • Must be minimum 8 characters long
  • Must contain both alphabetical and numerical characters
  • Not be the same as your last 4 passwords

How am I Affected?

As a result of adding these extra security features, all administrator accounts will need to refresh their passwords as well as attach a mobile phone number to each account.

  • Administrator accounts must have unique usernames and email accounts attached to them so it is easier for you to track who has made changes to your website.We strongly encourage users have individual accounts and advise against using 'shared accounts' as it can increase the risk of the sensitive information being exposed to malicious behavior
        
  • Password encryption has been upgraded to a new encryption method which makes your passwords much more resistant to password cracking, even if password cracking software is used. We’ve also added a new feature which automatically enables the SSL protected ‘HTTPS’ on any page that has a ‘Password’ field on it.
     
  • When logged in, a logout button is now visible when viewing a public and editable page
     
  • Inactive accounts will be disabled automatically after 90 days for sites that contain e-commerce features and 180 days for sites that don’t.
     
  • Admins will be required to change their passwords every 365 days.
     
  • HTTPS on all pages when you are logged in with a privileged account to prevent potential session hijackings via network snooping.  Whilst logged in, you will be accessing the site via your sslsvc.com domain.

Other Changes

We have also implemented CSRF tokens to prevent CSRF attacks and have upgraded our cryptography software to always generate output that is suitable for cryptographic use.

This extensive list of security updates are being made to keep your website’s sensitive information private, as it should be. We believe that your information should only stay in your hands and will do everything we can to give you the peace of mind that your website is safe.

If you have any feedback about the latest patch, please don’t hesitate to reach out. We know it might be a slight inconvenience for some of you, but it is all in the best interest for your security.

Share This:

Today’s web environment is moving faster than ever, with increasingly efficient API’s and browser capabilities being released every day. Modern web software requires modern browsers, and in order to keep pushing our ability to innovate, we have decided that today, Synergy 8 is saying goodbye to website editing in Internet Explorer (IE11).

Learn to demo Synergy 8 to your clients, get acquainted with the new design generator and rapid prototyping tools, and start building solutions powered by Synergy 8.

Try a Demo, or Speak With a Consultant


Get Started