PCI DSS 4.0 Compliance: Authentication Policy Update

To comply with PCI DSS 4.0 security standards and strengthen user account protection, we are updating our authentication policies. These changes, set to take effect in March 2025, will introduce stricter password requirements and adjustments to session management. The update aligns with the latest security standards to reduce the risk of unauthorized access and enhance overall account security.

Key changes

1. Increased password length requirement

The minimum password length will increase from 8 to 12 characters. This new requirement will apply to all newly created and reset passwords, ensuring stronger security for user accounts.

2. Mandatory password change for accounts without 2FA

Users who do not have Two-Factor Authentication (2FA) enabled and are not part of accounts with required SSO must update their password every 90 days. If the password is not updated before expiration, the user will be automatically logged out and must reset their password to regain access.

As part of this update, all users will be logged out when the new authentication policies are implemented, except for those in Single Sign-On (SSO) Required accounts. The next time a user logs in, they will be required to reset their password before accessing their account.

Follow these steps to regain access to your account:

  1. Go to the Login Page.
  2. Enter your credentials and attempt to log in.
  3. If your password has expired or does not meet the new requirements, the system will notify you that a reset is required.
  4. A password reset email will be sent to your registered email address. Open the email and click on the provided reset link.
  5. Follow the instructions on the reset page to create a new password that meets the updated security standards.
  6. Once your new password is set, you will be automatically logged into your Fundraise Up dashboard.

Frequently Asked Questions (FAQs)

1. Do I need to update my password immediately?

Yes. If your password does not meet the new 12-character minimum, you will be prompted to reset it upon your next login.

2. What happens if I don’t update my password before the 90-day expiration?

You will be automatically logged out and required to reset your password before you can regain access.

3. Can I avoid periodic password resets?

Yes. Enabling Two-Factor Authentication (2FA) allows you to keep your password indefinitely without needing to reset it every 90 days. Learn more about Two-Factor Authentication (2FA).

4. Will these changes affect users with Single Sign-On (SSO)?

  • Users in accounts with SSO Required will not be impacted by this update.
  • Users in accounts with SSO Optional will be affected, as SSO Optional does not prevent them from logging in with a password.

This is a planned security update designed to enhance account protection and ensure compliance with PCI DSS 4.0. If you have any concerns or require assistance, please reach out to support@fundraiseup.com for guidance.