Passwords in Vonage Contact Center

In this page

Password checks used in Vonage Contact Center

Vonage Contact Center (VCC) uses two different password mechanisms to ensure that the data in your VCC account is secure: password policy check and compromised password check.

Password policy check

In Configuration (within Account Settings) in the VCC Admin Portal, an admin user can configure the password policy for an account. The policy includes how often users need to update their password and how complex the password should be. The number and types of characters that must appear in passwords determine the complexity.

PINs
Users can no longer log in using a personal identification number (PIN).

For more information about password policy, see Configuring password policy.

If a user tries to set or reset their password to a password that does not have the required complexity, an error appears and the user must change their password.
When a user logs in with an expired password, an error appears and the user must change their password.

Compromised password check

Whenever a user sets or resets their password or logs in to ContactPad or the VCC Admin Portal, Vonage checks the password in an industry-wide database of compromised passwords. The database contains more than half a billion compromised passwords; a compromised password is one that has previously appeared in a data breach from another site or application.

Passwords that are easy to guess — such as password, 1234567890, secret — are most likely to be compromised. Even words that conform to a complex policy — such as Pa$$word!! and Password@1 — may be compromised.

If a user tries to set or reset their password to, or tries to log in with, a compromised value, an error appears and the user must change their password.

If a user’s password is identified as being compromised, they should also change their password for any other sites or applications that use it.

Password managers

Users should be encouraged to use a password manager for both generating and storing a unique, random, and secure password for use in the VCC Admin Portal and ContactPad.

For more information about logging into VCC Admin Portal and ContactPad, and setting a password, see Logging in to the Vonage Contact Center Admin Portal and Logging in to ContactPad.

Forced password resets

Forcing users to reset their passwords can improve security. One-off password resets after a security incident demonstrate a quick response and build customer trust.

VCC provides two types of forced password resets: user-level password resets available to supervisors and admins, and mass password resets triggered by Vonage.

User-level password resets in User Admin

In cases of security breaches or suspected unauthorized access, supervisor and admin users can reset one or more users' passwords. When a supervisor or admin initiates a password reset for a particular user:

  • The user is automatically logged out of out of ContactPad or VCC
  • The user receives an email containing instructions for resetting their password. If the user does not receive the email, they can use the Forgot your password link.
  • The user's account is blocked. Until they reset their password, the user cannot log in to their account.

Mass password resets from Vonage

To improve security and reduce the risk of data breaches, Vonage can trigger mass password resets for all users who did not update their passwords for a specific amount of time. When a mass password reset is triggered by Vonage:

  • Vonage will send an email to each applicable user using the email address associated with their account. The email will contain instructions for resetting their password. (If the user does not receive the email, they can reset their password using the Forgot your password link.)
  • Vonage will block applicable users' accounts. Until users reset their passwords, they will not be able to log in to their account.
To limit disruption caused by a mass password reset, such resets will be performed over multiple days targeting 10–15% of randomly selected users each time.

Forced password reset email

Subject: Reset your password for Vonage Contact Center

Dear {username},

We have received a request from Vonage/{username who triggered a password reset} for you to reset your password. To reset your password, use the following link: [Password reset link]
If you have any questions, contact your supervisor.
For information about resetting your password, go to Vonage Contact Center Product Documentation or the Community Hub.

Thank you.

Blocked account message

Password reset is required
Initiated by Vonage/{username who triggered a password reset}

You must reset your password before you can log in.
We previously sent you an email with instructions for securely resetting your password.
If you did not receive, or cannot find, the email, go to Forgotten your password?, contact your supervisor, or go to the Community Hub for help.

Support and documentation feedback

For general assistance, please contact Customer Support.

For help using this documentation, please send an email to docs_feedback@vonage.com. We're happy to hear from you. Your contribution helps everyone at Vonage! Please include the name of the page in your email.