Here’s everything you need to know about the security changes coming when you switch to the latest Avanti Self-Service Portal.
If you restrict access to websites on your network, add the domain *.myavanti.ca to your allow list to ensure employees have continued access to the Avanti Self-Service Portal and Career Connector.
Want to learn about everything that’s changing, not just the security changes? Take a look at Upcoming Changes.
New Minimum Password Requirements
There are stricter minimum requirements for passwords to help keep your data safe. These won’t apply to existing user’s passwords; they only come into effect when someone creates an account or resets their password on ASSP and Avanti Go.
Passwords must:
Be at least 12 characters long and include at least 1 lowercase letter, uppercase letter, special character, and number.
Avoid too many repeating or sequential characters
Avoid some common phrases that pose security concerns.
Employees and new users will be guided through most of these requirements when they create an account or use Forgot Password to reset their password.
With this strict password complexity, we’ll no longer support the password requirements set in the Avanti Self-Service Portal Security Settings.
Account Lockouts
To help protect against brute-force attacks, credential stuffing, and dictionary attacks, a 30-minute lockout now applies to anyone who cannot validate their identity on ASSP and Avanti Go too many times.
When a user’s account is locked out, we’ll let them know via email, an Avanti message, and a notification in the notification center.
Previously, you could set whether accounts were locked out, when the lockout would occur, and how long the lockout period lasted.
Administrators can also let the user back into their account before the lockout period ends. Go to Unlocking a User Account to learn more.
Multi-Factor Authentication Changes
We’re putting your data’s security first with a few changes to multi-factor authentication. Authenticator apps have proven to be a much more effective security solution. With that in mind:
Employees with an authenticator app added will need to use it rather than security questions; they’ll no longer have the option to answer questions if they previously could.
Employees who use an authenticator app and security questions have a simplified verification process; they’ll only need to use the authenticator app.
Password Reset Changes
The password reset code will always be included in the body of the email; we’re no longer supporting sending the code in a password-protected PDF.
Security Information Removed
We’re removing some security details you could previously view in Administration Settings on ASSP and in Career Connector.
Malware settings can no longer be viewed in Company Web Settings on ASSP and Career Connector settings. Don’t worry; all uploaded files will continue to be scanned to identify malicious threats.
The Event Log, Diagnostics, and System Info will be removed from ASSP. We monitor system issues on your behalf, and the Care Team is here to help with any future troubleshooting.
With the standardization of account lockouts on ASSP, the System Settings for this have been removed.