Protecting private information and further securing access and use is one of Iasta's most important priorities; therefore, a more simplified and secure password framework compatible with ISO 17799 is now in place. Passwords are now stored using one-way encryption, so once they are set, it is impossible for administrators to view them in both the Iasta SmartSource Desktop and Iasta SmartSource Portal Site applications. This has some important implications on how users manage passwords and security for bidders in Iasta SmartSource.

There are also some additional optional policies you can enforce on your company's account subdomain. By default, these optional features are disabled. If you wish to enable the additional security restrictions, please contact your Iasta support representative after your account has been upgraded to version 7.0. Optional policies include automatic password expiration (after a configurable number of days), required waiting periods between password changes, minimum password complexity and length requirements, and historical password uniqueness requirements.

Iasta SmartSource Password Protocol

• Instead of logging in once to see your list of connections, you must log in to each connection individually. You can also choose whether or not to save your password in each connection. If you save it, then you will not need to log in to use the Iasta SmartSource Desktop application each time. If you do not save it, you will be prompted for your password each time you run the Iasta SmartSource Desktop application and select your connection. 
• By default, any existing connections set up under earlier versions will have their password already saved, and any new connections will only save the password if the user selects a "Save Password" check box.
• Passwords can never be retrieved, they can only be reset. The Iasta support staff (and our clients) cannot tell someone his or her password or log in under another user name. Users can reset their passwords from the Iasta SmartSource Desktop window, by clicking the Iasta SmartSource Server Connections node in the Connections and Projects tree, then clicking the Forgot Password link for a connection. From the Iasta SmartSource Portal Site a user can click the Forgot Password? link. 
• When a password is reset, users receive an e-mail with a temporary password. At this point, the user can either log in with the original password or a temporary password. If the user logs in with the original password, the temporary password is no longer valid. If the user logs in with the temporary password, they are forced to change the password upon login.
• When new users (bidders or administrators) are created, they will be provided with a randomly generated temporary password (an 8-12 alphanumeric character sequence). When they log in for the first time using the temporary password, they are forced to choose a new, permanent password.
• A user's actual password is never transmitted or stored in plain text - neither in the database nor in an e-mail.