ResearchPoint Ideas

Recently I attended the Blackbaud webinar on the upcoming upgrade of Research Point to 4.91. Basically, for my organization, that simply means users will have a new way to sign onto Research Point. All the other new features in Research Point are linked to other Blackbaud hosted on-line applications, like BBCRM or RENext, so are not applicable for my organization as our Raiser’s Edge is premised-based.

Blackbaud is going to a single-sign on using the Blackbaud.com account. I completely understand the benefits of single-sign on: easier access using one set of credentials for users, access to multiple cloud-based applications wherever users are located and enhanced security profile and authorizations. In addition, if credentials are compromised, the audit trail tools can show which accounts are breached, what was done and where the breach took place. However, when I asked Blackbaud how they were going to force password resets on Blackbaud.com, I was told there is not currently anything planned on the roadmap to force Blackbaud.com password resets. We will have to have users voluntarily change the passwords based upon our policies.

Administrators know all too well that if we leave changing passwords voluntarily to users, the passwords will not be changed consistently, or even at all. We hear all too often from users that changing passwords is inconvenient and remembering a new strong password with upper and lower case letters, numbers and symbols is a pain. We can educate our users till we are blue in the face and explain that changing passwords every 60 to 90 days avoids a number of dangers. So, to ensure passwords are being changed, as administrators, we have added the technology to force password resets at configurable time periods. Blackbaud needs to reconsider their decision of not automatically enforcing password resets on Blackbaud.com every 60 to 90 days especially since they are using this login for applications containing sensitive donor information.  They need to add to their roadmap applying some form of technology to the main website, Blackbaud.com, to automatically enforce users to reset their password at a configurable time period.