11/15/2012

Notice of Web Login Security Changes in Tessitura Version 12

In our work to incorporate Next Generation architecture into Tessitura, one of the goals is to follow modern computing security standards. One area we are now reviewing is the storage of web login passwords.

Best security practices dictate that we should store these passwords as a “one-way hash,” a database storage technique that ensures that passwords are not readable or recoverable by any operator—system admin included. The only real use for these passwords is to compare them with the input typed by a constituent, and that comparison requires nothing beyond hashed storage, which is the recommended practice.

This is not how passwords are stored in Tessitura today. In order to follow this best practice, we need to change two pieces of current Tessitura functionality:

  1. We will no longer make it possible for a Tessitura user to reset a constituent’s password in the client application. Instead, we will make it possible for the user to send an email with a temporary login token, which will then allow the constituent to reset the password for themselves. Thus, a constituent’s password (even a temporary one) is never known to anybody but the constituent themselves.
  2. We will end support for the current functionality of the SendCredentials and ForgotLogin API methods, in which we were allowing plaintext passwords to be sent in an email. Instead, we will support only the token part of the SendCredentials method, in which a temporary token is emailed to the constituent.

As a result of these changes, an organization will no longer be able to output logins and passwords (even temporary ones) for constituents. So, for instance, your organization will not be able to print a user login and password on a Subscription Renewal form. While this may have been normal practice several years ago, this is an unacceptable security risk under today’s standards. These changes also mean that it will no longer be possible to create web logins without an email address tied to the login, as is currently possible with a temporary login.

Please note that these changes will not affect TN Express Web sites, since the existing TNEW code already sends out only tokens for lost passwords. They will, however, affect all users in that you will no longer be able to send out passwords in marketing materials, nor will you be able to reset temporary passwords in the Tessitura client.

As always, we look to give Tessitura members as much lead time as possible when making changes in the application that could have an impact on business processes, local reports and customizations, or the coding of your website. As we believe this critical security change could have an impact on all of these areas, we are informing you now, many months in advance. At this time we anticipate General Release of Version 12 in July 2013, with an upgrade deadline of at least three months after that (end of September 2013).

We take our security responsibilities very seriously, as evidenced by the amount of effort we expend on our PA-DSS (Payment Application Data Security Standards) certification. The changes outlined above, planned as part of v12, will further our commitment to modern security standards.

This message was also emailed to the IT and Business Contacts at all Tessitura licensees, to the holders of personalized TASK logins and to the Implementation teams.