In this article, we’ll run through how clients can enable users to sign into their program with their email address and password. When this is enabled, users will be asked to create a password during the registration process, allowing them to sign into the program using their chosen email address (username) and password.

How can username & password be enabled?

To enable the username & password, clients should log into Reward Manager and the Integration Dashboard and search for “Username and Password” under the “Explore Integrations” tab. 

Select the integration and turn it “On” using the toggle button in the top right-hand side.

How secure is it to enable username & password?

As a short answer – extremely. All passwords are secured through hashing and are never shared with the member via any method of communication. Find out more on what other security options are available here. 

What other options are available to enhance the security of using local credentials?

When setting up the integration, there are several options to enhance the security aspects of the locally held credentials. These are further explained below.

Special Characters

If this option is selected, all passwords must contain at least one uppercase, one lowercase and one digit or special character. This increases the complexity of the passwords and reduces the risk of them being susceptible to attacks such as Dictionary attacks.

Prevent Re-use

If this option is selected, employees cannot re-use any of their last seven passwords. 

Periodic Refresh

If this option is selected, employees will be prompted to change their passwords every 90 days.

Password Obfuscation

If this option is selected, it allows the employees to see the password in plain text as they type it into their mobile devices. This would only be applicable if we see the employee is having trouble signing in. Having this option enabled can lead to a much better user experience on mobile devices.

How can members recover their passwords if forgotten?

If an employee has lost or forgotten their password, they can use the “Account Recovery” section to recover their account. The Account Recovery section can be found on the main landing page or by typing “/Authentication/Recover/Password” after your program’s URL – https://[YOUR_PROGRAM_URL]/Authentication/Recover/Password.