Category: Development

Security Enhancements in MIDAS v4.42

Security Enhancements

MIDAS v4.42 brings several important security enhancements. Here’s what’s changed and why it matters.

Argon2id now the preferred method of password hashing

For many years MIDAS has utilized “bcrypt” to store password hashes. While “bcrypt” is still accepted industry practice, newer password hashing methods like “Argon2id” offer improved protection.

“bcrypt” is computationally expensive. This means it takes a significant amount of processing time to compute each password hash. bcrypt also includes a configurable “work factor” controlling how “computationally expensive” each calculation is.

Back in 2017, a “work factor” of 10 was widely considered by security experts to be sufficient, and this is the factor we used in MIDAS.

By 2020, computing power had evolved and so “best practice” was to upgrade to a “work factor” of 12, which we transparently rolled out to MIDAS for our v4.25 update that year.

Now in 2026, we’re firmly in the quantum computing and AI age. While bcrypt is still considered secure, it is only “computationally expensive” from a processing (CPU) perspective.

Newer methods, like “Argon2id”, are both processor-intensive and memory-intensive, and so offer an even greater line of defense against brute-forcing password hashes.

We’ve implemented Argon2id for MIDAS v4.42. End users won’t see any difference, but password hashes stored in each MIDAS system’s database are now more secure than ever, and will be automatically updated the first time a user signs in to v4.42.

Self-Hosted customers: You’ll need to install the Perl module “Crypt::Argon2” if you wish to take advantage of this security enhancement. If this module isn’t available on your server, MIDAS will fall back to using bcrypt.
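
Because a hash is only upgraded when its user signs in, accounts that never sign in keep their older bcrypt hashes. As an added example (not MIDAS code), the Python below audits stored hashes by their format; it assumes the standard bcrypt and Argon2 PHC string encodings, and the Argon2id policy values and sample rows are constructed for illustration.

```python
import re
from collections import Counter

# Assumed Argon2id policy; illustrative values, not MIDAS's actual settings.
POLICY = {"m": 19456, "t": 2, "p": 1}  # memory (KiB), iterations, lanes

# bcrypt: $2b$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d\d)\$[./A-Za-z0-9]{53}$")
# Argon2 PHC string: $argon2id$v=19$m=..,t=..,p=..$<salt>$<digest>
ARGON2_RE = re.compile(
    r"^\$(argon2(?:id|i|d))\$v=\d+\$m=(\d+),t=(\d+),p=(\d+)"
    r"\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$")

def classify(stored):
    """Parse a stored hash string into (scheme, parameters)."""
    m = BCRYPT_RE.match(stored)
    if m:
        return "bcrypt", {"cost": int(m.group(1))}
    m = ARGON2_RE.match(stored)
    if m:
        return m.group(1), dict(zip("mtp", map(int, m.group(2, 3, 4))))
    return "unknown", {}

def needs_rehash(stored, policy=POLICY):
    """True when the hash should be replaced at the next successful sign-in."""
    scheme, params = classify(stored)
    return scheme != "argon2id" or params != policy

def audit(rows, policy=POLICY):
    """Count accounts per hash state; rows maps username -> stored hash."""
    report = Counter()
    for stored in rows.values():
        scheme, params = classify(stored)
        if scheme == "bcrypt":
            report[f"bcrypt cost={params['cost']}"] += 1
        elif scheme == "argon2id":
            state = "current" if params == policy else "outdated"
            report[f"argon2id {state}"] += 1
        else:
            report[scheme] += 1
    return report

# Constructed sample rows (filler salts and digests, not real hashes).
SAMPLE = {
    "dormant_2017": "$2b$10$" + "a" * 53,
    "dormant_2020": "$2b$12$" + "b" * 53,
    "active_user": "$argon2id$v=19$m=19456,t=2,p=1$" + "c" * 22 + "$" + "d" * 43,
    "old_params": "$argon2id$v=19$m=4096,t=3,p=1$" + "e" * 22 + "$" + "f" * 43,
    "corrupt": "not-a-hash",
}
```

Accounts reported under a bcrypt cost long after the upgrade are the ones that have not signed in since; a password reset or account review is the usual way to retire those hashes.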

Option to sign out a user everywhere when maximum number of failed sign-in attempts reached

One of the existing security features in MIDAS is the ability for the software to automatically ‘lock’ accounts after a configurable number of failed sign-in attempts. Account access can then be quickly restored by an administrative user, or via a link that MIDAS will email to you if your account becomes locked in this way.

An account becoming ‘locked’ due to a high number of failed sign-in attempts prevents further sign-in attempts being made on that account. Until now, any existing active sessions that the user may have were allowed to continue unaffected.

For MIDAS v4.42, we’ve introduced a new security setting (found under MIDAS Admin Options → Security). If this setting is enabled and a user account becomes automatically ‘locked’ due to a high number of failed sign-in attempts, all active sessions for that account will be automatically terminated as well.

Suspending a user account instantly expires all active sessions for the user

If an administrator manually suspends a user account, MIDAS will now also expire all active sessions for that user. Previously, if an account was manually suspended, it wouldn’t affect any currently active sessions — now it does.

Security Fixes

We’ve also addressed a handful of security and account-related bugs for v4.42 which were discovered by our team…

Fixed: Possible to bypass forced password expiry

One of the “legacy” settings in MIDAS is the ability for administrators to routinely force users to change their password. Enabling this option isn’t something that we recommend. Indeed, this is considered bad practice, as forcing users to regularly change their passwords actually harms rather than improves security.

Despite that, some organizations still insist on routine password change policies, and therefore, we’ve had to retain this option in MIDAS.

MIDAS v4.42 fixes a small related issue that has existed since v4.39: a user who was forced to change their password because it had expired could easily bypass this requirement by simply hitting reload/refresh in their browser when prompted to set a new password. We’ve resolved this for v4.42.

Fixed: Weak passwords were allowed when passwords were reset

MIDAS includes a visual strength indicator when entering a new password. Very Weak, Weak, and Common passwords are blocked and aren’t allowed. However, a small bug existed that could allow a weak password to be chosen during a password reset. This has been resolved for v4.42.

Fixed: Not possible to add new user accounts in suspended state

Administrators have extensive control over the permissions that can be assigned to each individual user account. Individual user accounts can also be quickly ‘Suspended’ by an administrator. Until now, however, a small bug prevented new user accounts from being added in an initial ‘suspended’ state. This has now been resolved for v4.42.

3rd Party Deprecations and Updates

MIDAS includes a small number of 3rd party components, and it’s important to us that we use the latest versions of these wherever possible.

To that end, for MIDAS v4.42 we’ve updated jQuery to v4.00 and jQuery-Autocomplete to v1.5.0.

We’ve also deprecated qTip2, as this is no longer maintained by the developer. qTip2 was used in MIDAS for dynamic tooltips, like those you see when you ‘hover’ over the name of a venue in the booking grid.

Instead, we’ve built our own dynamic tooltip system from the ground up for v4.42.


User Interface Improvements in MIDAS v4.42

MIDAS v4.42 introduces a range of user interface (UI) and user experience (UX) improvements designed to make our booking software even faster, clearer, and easier to use. In this post, we’ll highlight some of the UI and UX improvements introduced in MIDAS v4.42.

If you follow our blog, you’ll already know about some of the new and improved features in v4.42. One example is the expansion of administrative permissions.

Administrative Area Improvements

The old “Manage MIDAS” screen has been split into separate sections, each now controlled by its own dedicated permission and accompanied by a unique icon.

Redesigned administrative area icons in MIDAS v4.42

Changes have also been made within each administrative area. We’ve moved the previous “Save Changes” button from underneath the settings to being fixed in the top-right corner. This eliminates the need to scroll through lengthy settings pages to save changes.

We’ve also refined the way changes are saved within administrative screens.

Improved Save and Change Indicators

The addition of a new “Unsaved Changes” indicator alongside the new save button draws users’ attention to changes they’ve made to settings which have yet to be saved.

Unsaved Changes indicator in MIDAS administrative settings

In addition to the UI and UX improvements in the administrative area, we’ve also improved the “Quick Tour” in MIDAS v4.42.

Enhanced Quick Tour Experience

The “Quick Tour” is shown to new users by default upon their initial sign in. It provides a brief overview of the user interface and controls.

We have replaced outdated third-party code previously used to generate dynamic tooltips. In its place we’ve written new code for generating these tooltips. This has allowed us to make improvements, one of which is better highlighting of elements in the “Quick Tour”.

Quick Tour: User Control Panel
Quick Tour: Pending Booking Requests

These updates reflect our ongoing commitment to making MIDAS both powerful and easy to use. By continually refining the interface and enhancing usability, we help administrators and end users work more efficiently every day.

If you’re new to MIDAS, start your free trial today and experience the improvements firsthand.


Intelligent Data Imports

If you’re considering a new room booking system, one of your first concerns will likely be importing data from your current scheduling software.

MIDAS allows you to import bookings and data from a range of applications, and we’re always looking to extend this support.

In our last update, v4.41, we introduced better support for importing bookings from Skedda. This included support for “multi-room” bookings, as well as additional date and time formats.

In v4.42, we’ve introduced several additional improvements to make data imports even smoother.

Automatic Field Detection and Mapping

When importing data, MIDAS needs to understand how fields in your source data correspond to fields in your MIDAS system. This process is known as field mapping.

After selecting a file to import, MIDAS offers a preview of your data in a table view. At the top of each column is a drop-down selector. This is used to inform MIDAS of the type of data contained in each column.

Field mapping interface when importing booking data into MIDAS

For example, if you’re importing bookings, one column in your source data will contain the room or space name. Setting that column’s drop-down selector to “Venue” ensures the data is imported correctly.

Until now, selecting the correct value from the drop-down selector at the top of each column was a manual process. For v4.42, MIDAS will now try to automatically detect the data in each column and suggest an appropriate value for its drop-down.

Of course, you should still check the drop-down for each column before continuing, but this new ‘auto detection’ feature should make importing data into MIDAS easier.

Support for Importing Split Client Names

In many cases of data import, client names are contained within a single field of data.

For instance, if you’re importing a booking for “Joe Blogs”, it’s likely that there’ll be a single field containing the text “Joe Blogs” in your raw data.

Some booking systems, however, may split client names across multiple fields when exporting data. There may, for example, be separate fields for first (given) name and last name (surname).

MIDAS typically expects a single field containing the client name, but for v4.42 we’ve added support for instances such as the one described above where names are split across fields.

This improvement makes it easier to migrate to MIDAS from booking systems such as Hallmaster.

Together, these improvements reduce manual setup and make transitioning to MIDAS faster and more efficient.


Bulk Modify User Account Permissions

If you’re familiar with MIDAS booking software you’ll know that it offers an extensive range of access controls and permissions. Permissions can be assigned on a per-user basis. In fact, if you’ve been following our blog, then you’ll have seen that we’re adding 14 new permissions for MIDAS v4.42 too!

We’re now making it easier to apply bulk permission changes across multiple user accounts.

Previous Behavior

In previous versions, when adding or modifying a user account, an “assign permissions from group” drop-down was presented above the various user permissions that could be assigned:

Previous permission assignment method using user groups in MIDAS

This was a great way to quickly copy the current permissions from a user group to an individual user account.

However, this was a one-time action. MIDAS would snapshot the selected user group’s current permissions and apply them to the individual user account. Any subsequent changes to the group’s permissions would not affect existing user accounts.

Introducing Permission Inheritance

So we have re-worked this for MIDAS v4.42. The “Assign permissions from group” selector has been removed and replaced by a new role-based “Inherit Permissions from” selector.

When a user account is set to inherit permissions from a user group, any subsequent changes to that group’s permissions will automatically apply to all linked user accounts.

User account inheriting permissions from a user group in MIDAS v4.42

This now allows you to bulk modify user account permissions with ease!

When to use manual permissions

If you still want to grant or revoke individual permissions on a per-account basis, you can – simply set the “Inherit Permissions from” option to “[None]”. When you do this, MIDAS will display the complete list of current permissions for that user, allowing you to make individual changes as required.

User accounts set to ‘[None]’ will not be affected by changes to any user group permissions.

While this new feature may not be all that significant for customers with only a handful of user accounts, larger organizations with several hundred users will benefit greatly from the ability to modify user permissions in bulk.