Password Security Update

Summary

To improve the security of the PBX, end users will no longer use their voicemail pin to log in to the Portal/API. A new “password” field will be exposed for each PBX user, which will store the password that is used to authenticate with the PBX via the Portal/API. Once a password has been defined for a user, that user will use their password going forward to access the PBX Portal/API. Users will continue to use their voicemail pin to access their voicemail.


Affected Applications

The introduction of the secure password will affect the PBX Portal/API and any application which leverages it for authentication. This includes:

  • ReachUC
  • iOS/Android/Desktop Apps
  • Chrome Extension
  • Outlook Plugin
  • Wordpress Plugin
  • SMS Responder
  • vBroadcast


Schedule

The following section describes the process by which passwords will be defined for existing users. This rollout will be performed in 3 phases. The dates that each phase begins along with the details of the phases are outlined below.


Phase 1: Warn Users To Define a Password

11/5/2018 - When a user logs into the portal, the portal will warn them, via a flash message centered at the top of the page, that their password needs to be set in the next 30 days.



Phase 2: Force Users To Define a Password

11/19/2018 - When a user who has not yet set a password logs into the portal, they will be forced to define a password before navigating further into the portal. They will also be forced to redeclare their voicemail pin. There is a new blacklist of voicemail pins containing frequently used pins such as 1111, 1234, etc. Users will not be allowed to declare voicemail pins found in the blacklist. Upon filling out the password update form, the user will be logged into the portal.



Phase 3: Direct Users to “Reset Password” Flow.

12/3/2018 - Users who have not yet defined a password will be directed through the “Password Reset” flow upon logging in with their voicemail pin. See the Password Reset section of this document for more details on this flow.



New User - Welcome Email

The Portal can now be used to generate a welcome email to users to facilitate their access to the PBX. The email contains an auth code. When the user selects “Complete Setup”, the system validates the auth code in the link and takes the user to the portal to establish New User Credentials.



Upon entering the New Password and New Voicemail PIN, the user will be logged into the portal and directed to their Home Page.



Sending Welcome Emails

Welcome emails can be generated two ways:

1. The system administrator sends the welcome email when setting up users, or uses the bulk action to send emails.

2. New users can trigger the email by clicking the “Are you a new user?” link on the login page. After clicking the “Are you a new user?” link, the user will be prompted to enter their email address and extension if known. If their email address is not yet in the system, or the email address and extension do not match what is in the system, they will receive a notification to contact their administrator. If the email address and extension complete validation in the system, the user will receive a notification in the portal and a welcome email.



Password Reset

Password resets can be initiated by the user or by an administrator. The following steps occur to complete a password reset:

1. Upon triggering the reset, the user will receive an email to reset their password, like below.

2. Selecting “Reset Password” will direct the user to the Password reset page.

3. Upon entering and confirming the new password, and selecting “Save”, the user will be logged into the portal.


Password Change At Will

If the user knows their login name and simply wants to change/update their password, they can log in to the portal and navigate to their Profile.

1. Once in the Profile, the user can scroll to “Change Account Security”, where they have the ability to:

a. Change their email address.

b. Enter a new secure password (same restrictions applied and verified).

c. Verify changes by entering the current password.

d. Once updated, the user will see a green pop-up stating the Profile has been updated and the user will remain logged into the portal.


Existing User Credentials Recovery

If a user has forgotten their Login Name or Password, they now have the option to recover their credentials via the login page.



Forgot Login Name

After the user clicks the “Forgot Login Name” link on the login page, the portal will prompt for the user's email and (optional) extension.



If the email (and extension) match the user in the system, a Login Name Request email will be sent to the user's email. If validation fails, the user will receive an error message in the portal prompting them to contact their administrator. Validation can fail if the email and extension are duplicated on more than one domain; for example, if the email address first.last@gmail.com and extension 1001 are both used in domain abc-company.11111.service and domain acme.11111.service, this creates a collision.
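The lookup described above can be modelled as follows. This is an added example, not the vendor's code: the `User` record, the login names, the extra sample users, the status strings and the portal messages are all constructed for illustration, and it assumes that any lookup matching more than one user (including an email-only lookup that spans domains) is treated as a collision.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class User:
    login_name: str
    email: str
    extension: str
    domain: str

# Constructed sample data: login names are hypothetical; the first two rows
# reproduce the collision example from the text (same email and extension
# present in two domains).
DIRECTORY = [
    User("flast@abc-company", "first.last@gmail.com", "1001", "abc-company.11111.service"),
    User("flast@acme", "first.last@gmail.com", "1001", "acme.11111.service"),
    User("sam@abc-company", "sam@example.com", "2001", "abc-company.11111.service"),
    User("sam@acme", "sam@example.com", "2002", "acme.11111.service"),
    User("pat@acme", "pat@example.com", "3001", "acme.11111.service"),
]

def find_login_name(directory, email: str,
                    extension: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Return (status, login_name); login_name is set only for exactly one match."""
    wanted = email.strip().casefold()  # assumption: emails compare case-insensitively
    ext = extension.strip() if extension else None  # a blank field means "not supplied"
    matches = [
        u for u in directory
        if u.email.casefold() == wanted and (ext is None or u.extension == ext)
    ]
    if not matches:
        return "no_match", None
    if len(matches) > 1:
        # The same email (and extension) exists more than once: refuse to guess
        # which account the requester owns.
        return "collision", None
    return "ok", matches[0].login_name

def portal_response(status: str) -> str:
    """Both failure modes produce the same 'contact your administrator' message."""
    if status == "ok":
        return "Login Name Request email sent"
    return "Please contact your administrator"

if __name__ == "__main__":
    for email, ext in [("first.last@gmail.com", "1001"), ("sam@example.com", None),
                       ("sam@example.com", "2001"), ("pat@example.com", "9999")]:
        status, name = find_login_name(DIRECTORY, email, ext)
        print(email, ext, "->", status, name, "|", portal_response(status))
```

Supplying the optional extension is what lets `sam@example.com` resolve to a single account; the page's own example cannot be resolved either way because both fields are duplicated.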



Forgot Password

Clicking the Forgot Password link on the login page will prompt the user for their Login Name.



If the user enters a known login name, they will be taken through the Password Reset flow.




