As part of our ongoing focus on keeping your information secure, Workzone is implementing several security enhancements. On Friday April 29th at 10PM EST, Workzone will be taken offline for approximately 5 minutes for a system update.

After the system update, prior to entering Workzone, all users will be required to change their passwords, in accordance with new strong password requirements. Previously, strong user passwords were an option; now they’ll be required. To properly launch this new aspect of our system, we will require ALL users (even those who already had strong passwords) to create a new strong password.

After the update, the next time you attempt to enter Workzone, you will be brought to the log-in page.

If you are at your private computer, we strongly recommend that you click the “Remember me” checkbox on the log-in page. This will allow Workzone to remember you after you change your password and is required for sites that use a one-week automatic log-out interval.

After entering your email address and password (which should be filled in automatically for most users), you will be taken to the “Change Password” page. This page will ask for your existing password (which should be automatically filled in for most users), and will require you to create and confirm a new strong password.

When creating a strong password, the required criteria are listed, and a password-strength meter will appear. If you do not wish to think of your own strong password, you can choose to have Workzone automatically generate a very strong password for you by clicking the “create a very strong password for me” link.

If your old password is not automatically filled in and you do not remember it, click the “forgot password” link. This will take you to a page where you will enter the email address associated with your Workzone account, after which it will email you a link that will enable you to reset your password.

Click the “show password” link to expose the new password for copying into the Verify Password field.

Unless you use an automatic password manager (like LastPass), make sure to save your new strong password in a secure location for future use. If you did not check the “Remember me” box on the log-in screen, you will need to enter your new password the next time you log in to the system. [You will be automatically logged in to the system this first time after successfully changing your password.]

The system will email password reset instructions to your Workzone email address, which will include a temporary link that will take you directly to a “Change Password” page that does not require the existing password. The link will be valid for 15 minutes after the email is sent. If that 15 minutes expires, go back to the log-in page and reuse the “forgot password” link to resend the password reset instructions email.

New strong password requirements

Passwords in Workzone need to meet the following requirements:

• MUST contain at least 8 characters (12+ recommended)
• MUST contain at least one uppercase letter
• MUST contain at least one lowercase letter
• MUST contain at least one number
• MUST contain at least one special character (!”#$%&'()*+,-./:;<=>?@[\]^_`{|}~ )
• MAY NOT contain more than two identical characters in a row
• MAY NOT contain first name, last name, email address mailbox or domain, company name or commonly used passwords
• MAY NOT match commonly used password character patterns

As you enter your new password, Workzone will indicate which of the requirements still need to be met and will show you the approximate strength of your password on a password-strength meter. If you do not wish to think of your own strong password, you can choose to have Workzone automatically generate a very strong password for you by clicking the “create a very strong password for me” link.

Infrequent Workzone Users

The above password reset process will only work for users that attempt to access Workzone by Friday, May 13. After May 13, Workzone will no longer recognize users’ old passwords. Users attempting to log in with their old password will get an “incorrect email address or password” message. These users should click the “forgot password” link on the log-in page, and Workzone will email them a link that will allow them to reset their password.

Automatic lockout after 5 failed attempts

Another new security enhancement with this update will lock out a user after 5 incorrect password attempts. This was an option previously; it is now standard. After 5 attempts, the user will be locked out and given a message to contact their site’s administrator to re-enable their user account. Workzone will also send the user and email about being locked out and telling them to contact an administrator.

Reset password links replace temporary passwords

Another nice enhancement with this update replaces the previous system of temporary passwords with reset password links. This new method is more user friendly (just click the link) and also more secure.

Confirmation emails upon change of password

When a password is changed, Workzone will automatically email the user to inform them of the password change. This alerts them of the change in case they did not make the change.