We have recently released a series of security enhancements that will prevent unauthorized access, reduce spam, and keep you informed about changes to your log-in information. Here’s a quick look at some of the ways we are keeping your account secure.
- Password Resets
- CAPTCHA for Customer Logins
- Two-factor Authentication
- Account Log-in Email Notifications
- CAPTCHA for public site contact us page
As added protection for your account, we have prompted you to reset your password. You should create a strong, memorable password or passphrase that you’re not using elsewhere. And please do not provide your password over the phone or through email – at Buildium, we will never ask for your password via either mode.
We’ve added a CAPTCHA method that will passively monitor the login page to prevent automated bot traffic while letting our human users login without issue. Normal users will rarely be challenged by the CAPTCHA, but if you are it will be a standard image based method that you’ve probably seen on other sites.
Invisible reCAPTCHA works by monitoring the page for human behavior; like typing speed, cursor movements, and rate of scrolling to determine whether a visitor is a human or a bot. There isn't a set list of criteria since Google keeps the complex algorithms under lock and key, but all we're looking for is organic, human behavior.
We are committed to helping you keep all of the information you store in Buildium as safe and secure as possible. As part of that effort we will be moving to require two-factor authentication on all user accounts at login in the coming weeks.
Two-Factor Authentication (2FA) is a two-step verification that adds and extra layer of security to your account by requiring something that only you have access to. In this case, an authentication code sent directly to your phone. This verification process will allow Buildium to require users to prove who they say they are by verifying that they have access to their phone and the number we have on record. Anyone trying to access your account who is not you, will not receive the security token and will be prevented from logging in.
You can enable two factor authentication from the My Settings page. It can be enabled for any manager user including staff, vendors, and owners.
We have introduced a series of account access notification emails that will keep Buildium customers aware of changes to log-in information.
From now on, Buildium will notify the account owner email address on file and the user that made the change when the following changes occur:
- Any user changes their email address
- Any user changes their password
- Any user successfully enables two-factor authentication
- New ePayment information is added to any vendor or rental owner in a Buildium account.
We’re also taking measures to make sure that your public site is more secure. In order to prevent bots from submitting through the contact us form and generating spam, we are giving buildium customers the ability to enable invisible reCAPTCHA on the contact us page of the public site. This form of CAPTCHA will reduce spam while keeping form submissions from real human users as frictionless as possible.
To activate CAPTCHA on the contact us page of your public site:
Click Communication→Public Site→Pages and Appearance
Edit Contact Us page
Turn CAPTCHA to "on"