PCI DSS 4.0.1 Compliance: Authentication Policy Update

To comply with PCI DSS 4.0.1 security standards and strengthen user account protection, we have updated our authentication policies. As a GDPR-compliant donor software provider, we have made these changes to reduce the risk of unauthorized access and enhance overall account security.

Key changes

1. Increased password length requirement

The minimum password length is 12 characters. This requirement applies to all newly created passwords and any password resets, ensuring stronger protection for user accounts.

2. Mandatory password change for accounts without 2FA

Users who do not have Two-Factor Authentication (2FA) enabled and are not part of an account where Single Sign-On (SSO) is required must update their password every 90 days.

If a password is not updated before it expires, the user is automatically logged out and must reset the password before access can be restored.

Under this policy, users are logged out at the point where the authentication requirements are enforced. Users in accounts with SSO Required are excluded, because authentication for them is handled by their identity provider.

If a password expires or does not meet the current requirements, access can be restored by completing a password reset:

  1. Go to the Login Page.
  2. Enter the email address associated with your Fundraise Up account.
  3. Enter your current password.
  4. Select Log in.
  5. Review the message indicating that your password has expired or does not meet current requirements.
  6. Select the option to reset your password.
  7. Check your inbox for the password reset email.
  8. Open the email and select the reset link.
  9. Create a new password that meets the current security requirements.
  10. Confirm the new password and submit the form.
  11. You will be logged in to your Fundraise Up dashboard automatically.

Frequently Asked Questions (FAQs)

1. Do I need to update my password immediately?

Yes. If your password does not meet the 12-character minimum, a reset is required the next time you log in.

2. What happens if I don’t update my password before the 90-day expiration?

Access is temporarily blocked until the password is reset.

3. Can I avoid periodic password resets?

Yes. Enabling Two-Factor Authentication (2FA) allows you to keep your password indefinitely without needing to reset it every 90 days. Learn more about Two-Factor Authentication (2FA).

4. Will these changes affect users with Single Sign-On (SSO)?

  • Users in accounts with SSO Required will not be impacted by this update.
  • Users in accounts with SSO Optional will be affected, as SSO Optional does not prevent them from logging in with a password.

These authentication policies are part of Fundraise Up’s ongoing security and compliance efforts under PCI DSS 4.0.1. If you have any concerns or require assistance, please reach out to support@fundraiseup.com for guidance.
