Changes Coming For Raiser's Edge® Database View Logins
With the patch 24 release starting in July, password requirements are changing for Raiser’s Edge users in database view. Any user who accesses the Raiser’s Edge database view (including customers who host their own database) will need to meet the new requirements.
The changes to the database view experience will be:
- Database view passwords will be more complex
- All users will be required to reset their passwords at least every 365 days
- We will prevent the reuse of passwords (the last 6)
- Your new password must be a minimum of 12 characters, include both alpha and numeric characters, and at least 1 special character like # / $ % & @
- Passwords will expire at least every 365 days, with notifications starting as set in Business Rules > System Access Options.
Which password are we talking about?
This change affects the password for the Raiser’s Edge database view and RE Mobile app only. If you don’t enter your user name and password in a screen like below, this change will not affect you.
When will I have to reset my password?
When first logging in after the patch 24 upgrade, users will need to create a new password if their current password doesn’t meet the new requirements. Users will need to reset their admin passwords every 90 days.
Why is this happening?
We continually review industry standards and best practices and make updates to ensure access to Raiser’s Edge remains as secure as possible.
Can I revert this? I want shorter, easier passwords!
No, there’s no option to use less secure passwords. These changes are part of our continuing partnership with you to ensure the most secure environment for your work.
Does the database manager need to do anything?
After the update, in the database view, go to Configuration > Business Rules > System Access Options. Review the settings for password expiration options, editing them as desired. The maximum expiration time is 365 days, but the default is 90 days.
For more information on the changes, see the Knowledgebase article What are the new password requirements for Database View in Patch 24?
Hi Anna and Miki, apologies for the delay.
Anna, we currently allow organizations to set up Single Sign-on (SSO), which would allow you to configure and require multi-factor authentication for all your users through your identity provider. More information on SSO is at https://kb.blackbaud.com/knowledgebase/articles/Article/118796. If you’d also like this to be requirable outside of SSO, I’d encourage you to add it to our Idea Bank. A similar idea has already been posted at https://re7.ideas.aha.io/ideas/RE7-I-5865, and the more votes that receives, the more we’ll see this is a priority for customers.
Miki, this doesn’t affect users like your organization who use Windows Authentication, which allows you to bypass the login screen shot above. We recommend Windows Authentication to make login easier, and we’re gradually moving all customers that we host to use it. Once that’s complete, database view and web view will have the same requirements.
Can BB enhance security for NXT log in as well? Would love a business rule set for Multifactor Authentication. I hate that I have to police that. It would be so easy for someone to toggle that on/off.
We are web hosted so this apparently does not affect us. Why are there different requirements for the NXT login as opposed to the database?