To enhance Apricot security, we have implemented stronger password requirements.
US and CA - As of September 28, every US and CA-based Apricot user will be asked to change their password upon their next login.
AUS - The morning of October 27th, every AUS based Apricot user will be asked to change their password upon their next login.
Upon providing their previous username and password, users are required to create a new password that adheres to our enhanced security standards:
Password length: 12 characters minimum
At least 1 uppercase letter
At least 1 lowercase letter
At least 1 symbol
At least 1 number
The last 24 passwords cannot be reused
Passwords must be reset at least every 365 days
In cases where your Apricot instance had password security settings below our minimum requirements, they were automatically overridden.
If your Apricot instance already meets or exceeds our minimum standards, users will still encounter a mandatory password reset. This is because we do not store passwords in our system and need users to reset passwords to ensure compliance with the new standards.
This update ensures Apricot data continues to be protected by industry-leading standards.
If you forget your current Apricot password (at any point) the Forgot Password link allows users to receive an updated password that meets the new password requirements. It is always best practice to update your password after a password reset in user preferences.
Please note that Single Sign-On (SSO) logins will remain unaffected. If Multi-Factor Authentication (MFA) is in use, users will be prompted to update their passwords after the initial authentication.
We appreciate your cooperation and support in this endeavor. If you have any concerns about this upcoming change, please do not hesitate to reach out to our Support team over chat or at apricot@bonterratech.com.
Thank you,
Apricot Support
Frequently Asked Questions
Will the password reset/requirements impact Connect users?
No, at this time, Connect users will not experience any password reset requirements or changes.
Will the password reset/requirements impact Guest users?
If guest users are setup within your organizations IDP and SSO setup in Apricot, they will not experience a password reset.
If their Guest users are not in your organizations IDP and are not setup to use SSO login, they will need to reset their password.
Can my organization be excluded from this update?
No, all Apricot organizations are impacted by this change as of September 28th.
What happens if I cannot access Apricot to reset my password?
Every Apricot user will be asked to change their password upon their next login.
Upon providing their previous username and password, users are required to create a new password that adheres to our enhanced security standards.
If you forget your current Apricot password (at any point) the Forgot Password link allows users to receive an updated password that meets the new password requirements. It is always best practice to update your password after a password reset in user preferences.
I would like to provide feedback about password requirements in the future.
Our Support team is happy to accept any feedback or questions related to this change in Apricot. Chat with our team or email us at apricot@bonterratech.com.
For formal feedback to our product team regarding future enhancements, we recommend you enter and upvote an Idea in the Ideas Portal.
How can I create a password that meets the requirements?
If you need assistance generating a new password, we recommend using a password generator like LastPass. You can easily generate and copy the password.
Otherwise, try to build a password that is easy for you to remember, but hard for others to guess.
What does this experience look like for my end users?
Users are guided through the password reset like the image below. They are requested to enter their previous password, their new password, and a confirmation of the new password.
How can my users get login support on the password update day (or after)?
When users encounter the password reset screen, they still have access to the support bubble. Chat in with issues.
You may also email apricot@bonterratech.com if you are having trouble logging in and we will work diligently to get your users into the system.
How does Apricot refrain from storing passwords but still know if I am using one of the previous 24?
Apricot uses a hash code as a 'secret language' that a computer uses to hide important information, like the values of your password. If you are resetting your password and type in an old value, a previous hash value is produced, resulting in an error.
This way, even if someone were to somehow access the stored codes, they wouldn't be able to figure out your actual password. Hash codes help keep your information safe and secure online.