As part of our initiative to make HappyFox more secure, we have introduced new features that aim at preventing unauthorized access to the application.
The following features are now available for all HappyFox users (contact & agent)
HappyFox enforces a temporary 60 minute lockout period if an agent or contact enters invalid credentials consecutively for 5 times. The login screen displays the attempts remaining for a user before a lockout is triggered.
Unsuccessful agent login
Unsuccessful contact login
In the event of a lockout, the agent/contact is automatically notified via email. The email contains the following information for last successful login and for the past 5 unsuccessful login attempts
Operating System details
Once an account is locked out, the agent/contact can do either of the following
Wait for 60 minutes so that the account lock is automatically released
Send an automated email request to the administrator/s requesting manual unlock
When an agent/contact is locked out of HappyFox, their active HappyFox sessions remain unaffected. New sessions i.e., new login attempts will be restricted (including SSO logins).
Manual account unlock request for contact
This action is available to all agents who have “Unlock Agent” managerial permission.
Agents who have been locked out of HappyFox can be identified using the lock icon against their names in Manage >> Agents page. On clicking unlock, a confirmation popup is shown. Successful unlock of a Agent sends an email notification to the agent that their account has been unlocked by the administrator.
This action is available to all agents who have “Unlock Contact” managerial permission.
Contacts locked out of HappyFox can be identified using the “lock” icon against their names in the Contacts list page. On opening the details page of the contact, the “unlock” action will be visible.
Lock Icon inside Contact list page:
Unlock Contact option inside Contact detail page:
In addition to a lockout mechanism, unsuccessful login attempts in both contact and Agent login screens will now ask the user to verify themselves via a Captcha flow. The captcha flow is powered by Google’s reCAPTCHA service that uses an advanced risk analysis engine. This effectively helps prevent automated malicious login attempts.
Successful captcha verification in Agent login page
reCAPTCHA asking for user verification during contact login
To know how to unlock agents in HappyFox Classic version, please refer to the document attached.