Security Updates Release 3.24.0

Security enhancements to the ReturnLogic platform.

Kaylie avatar
Written by Kaylie
Updated over a week ago

Article Overview:

New Password Requirements/Timeouts

What is it?

We are updating our password requirements. If you are a current ReturnLogic customer you will not be impacted unless you actively reset your password or go through the “forgot password” workflow. New password requirements are listed below:

  1. Passwords should be 12 characters long

  2. Password should include an upper-case letter

  3. Passwords should include a symbol

  4. Passwords should include a number

Additionally, the link sent out for both first setting your password up and “forgot my password” have new timeout thresholds.

  1. The link that is sent out when setting up your password will be valid for 7 days.

  2. The link that is sent out in the “forgot my password” workflow will be valid for 24 hours.

How It works:

When you either set up your password for the first time or reset your password, there will be a list of requirements on the page. As you hit each of these requirements, they will disappear. Until all requirements are met, you won't be able to save your password.

Note: If you select the password link (set or reset) outside of the threshold the link is valid for, you will automatically be sent into a new “forgot my password” workflow.


Q: Will I have to update my password if I am a current user?

A: No, but if you through the “forgot password” workflow, you will be prompted to meet these new requirements.

Q: How long will new users have to set up their new password once the email is sent out?

A: 7 days

Q: How long will current users have to set up a new password in the “forgot my password” workflow once the email is sent out?

A: 24 hours

Q: What happens if I fail to click on the new password set/reset link within the time threshold?

A: You will be automatically pushed into a new “forgot password” workflow regardless of whether you are setting up or resetting your password.

Session Management

What is it?

Session management manages the amount of time you are actively logged into a platform. Take your bank for example, if you’re inactive for more than a few minutes, the website will (or at least should) automatically log you out and ask you to log back in again.

Previously, there was no session management on our platform. Now, after 24 hours, you will be asked to log back in again. This is to help reduce the risk of malicious intent using a user’s ReturnLogic account to place various malware, phishing attempts, or simply to steal company data. This will impact all current customers.

How It works:

After 24 hours, ReturnLogic will automatically log you out. You will need to log back in to continue using the ReturnLogic platform.


Q: How long until a user will need to log into the platform again?

A: 24 hours

Q: How many users does this impact?

A: All

We're here to help! Email us at or use the live chat inside the platform with any questions or feedback.

Did this answer your question?