As we mentioned in yesterday’s update, there are a number of changes we’ll be making across Campaign Monitor to strengthen our security. Most of these are behind the scenes changes, but the one significant change we’re asking all customers to make is a password change.
The motivation for this change was to switch to a best practice approach to password management. While previous passwords were always stored in an encrypted form, the new approach means that these passwords can never be decrypted. While previous passwords weren’t compromised, we’re taking this opportunity to move to the most secure model possible.
We’ve made this a simple process that you and your clients will see the next time you login to your account.
How will the process work?
The next time you or your clients login, you’ll be taken directly to the password update process. Here’s how it works:
- When you login, we’ll send you an email containing a link and a unique code
- Click on the link, then paste in the unique code
- Enter your new password and you’re done.
That’s it. The entire process should take less than a minute.
Will my clients need to change their password?
Yes, if you’ve given any of your clients account access this process will apply when they next login. Don’t worry, there won’t be any mention of Campaign Monitor, and the entire password reset process will be branded to reflect your account.
I can’t remember the email address my account is under
When you go through the update password process, you need access to the email address your account is under. We show you this address during the update process. If you can’t access the email address you used to signup, we still need to verify that you are the account owner. This will involve answering a few questions about your account.
Our support team can then initiate a reset for you, and help you get access. Get in touch if you can’t remember your account email address and we’ll sort it out for you. If your clients have the same problem, you can easily jump into their account settings and update their email address. If you prefer, you can also update their password directly from your account.
What if I forget my new password in the future?
With these changes, we will no longer provide a password reminder feature. This has been replaced with a password reset feature that will follow a similar process to the one described above and will ensure we never need to email you your password again. While this isn’t related to the recent attacks on Campaign Monitor, it’s security best practice and the right time to adopt this approach.
Update: We’ve now moved the login form and reset password process to a secure connection using SSL to ensure the reset process (and any subsequent logins) are as secure as possible.