For MIDAS v4.26 we’re improving the password change process for users, with the introduction of a new “Disallow Known Breached Passwords” admin setting:
Disallow Known Breached Passwords
With this setting enabled, whenever a user changes their password MIDAS checks that it doesn’t appear in any known online data breaches.
Have I been Pwned?
This feature utilizes the popular 3rd party “Have I Been Pwned” service. This is a database of more than half a billion passwords which have previously been exposed in various data breaches.
Don’t worry though, your actual password is never sent to the “Have I Been Pwned” service. Here’s how it works;
You enter a desired new password in MIDAS.
MIDAS creates a cryptographic “hash” (SHA-1) of the password you entered. The first five characters of this hash are sent to the Have I Been Pwned service.
If hashes with the same first five characters are found in the Pwned Passwords repository, the Have I Been Pwned service responds with all these hashes.
MIDAS sifts through the received hashes to see if there’s a complete match with the full SHA-1 hash of your new password.
If a match is found, your desired password has appeared in at least one public data breach. MIDAS will then display an alert and ask you to enter a different password.
The Change Password dialog in MIDAS
The chosen password isn’t considered secure as it appears in other online data breaches
The new “Disallow Known Breached Passwords” setting in MIDAS will be enabled by default. It can readily be enabled/disabled via MIDAS Admin Options → Manage MIDAS → Security.
We’re passionate about security, and this latest improvement is just one of the ways we help keep your account and MIDAS system secure.
Interested in learning more about security in your MIDAS system? Try these links…
In these unprecedented times, many organizations were forced to suspend their operations for the past several months. However, some are now beginning to take the first tentative steps towards reopening.
For most businesses who manage and hire out their facilities, this means making some fundamental adjustments to the way they operate.
So we wanted to share some tips on how to get the most out of your MIDAS booking system as your business navigates the road ahead…
1. Allow more staff to work from home
One of the benefits of cloud-based software like MIDAS, is that it can be accessed from anywhere with an internet connection.
Access your hosted MIDAS system from home
This means that your administrative staff can log into your organization’s hosted MIDAS system remotely from home, just as if they were in their office at work.
“Remote Working” or “WFH” (Work From Home) is fast becoming the new norm. Many businesses are actively encouraging their staff to do so for at least the rest of 2020.
A cloud-hosted MIDAS system helps make this possible by allowing your staff to securely access your booking system from wherever they are.
If you currently run a self-hosted MIDAS system behind a proxy/firewall, please contact your IT admins. They should be able to arrange remote access to your MIDAS system.
2. Limit venue (room) capacities
Maintaining adequate social/physical distancing prevents arguably one of the biggest challenges when it comes to hiring out rooms and facilities.
When first setting up your “venues” (rooms/bookable spaces) in MIDAS, your administrator will have defined a maximum occupancy level (capacity) for each. This is the maximum number of people that each space can safely accommodate at any give time. These limits are enforced by MIDAS whenever new bookings are added and when a number of attendees are specified.
Limit the number of persons allowed in each space
In this new age of social/physical distancing, it’s likely you’ll need to review the number of people allowed in each space at any one time.
MIDAS makes it easy really to adjust the maximum capacity of each of your venues. You’ll find this setting via MIDAS Admin Options → Manage Venues → [select venue(s)] → Capacity:
Setting a maximum occupancy (capacity) for each venue
You may also wish to consider enforcing the entering of the number of attendees for every booking. By default, the “Attendees” field on the Add Bookings screen is optional (i.e. it can be left blank). To make this a required field, go to MIDAS Admin Options → Manage MIDAS → Fields → Booking Fields. On this screen, tick the “Required” box for the Attendees field:
In addition to being able to set maximum occupancy levels for each room/space, MIDAS also allows setting a “global” (site-wide) occupancy limit too.
MIDAS can warn you if the total number of people across all your facilities at any one time would exceed a threshold. It can also prevent further bookings if the total number of people on site exceeds a set threshold.
Keep track of the total number of people on your premises at any given time
You’ll find these settings via MIDAS Admin Options → Manage MIDAS → Safety.
4. Allow bookings (or booking requests) to be made online
Did you customers used to make bookings in person with your receptionist or office staff?
Did you know that MIDAS includes as standard both “Public Booking Request” and “Public Web Booking” features?
These public-facing features can help reduce face to face contact between your staff and customers.
Allow customers to check room availability and book/request online
The Public Booking Request feature allows your customers to check availability of your rooms and submit booking “requests” online from the comfort of their own homes. Received booking requests can then be quickly approved/rejected by an administrator with just a few clicks.
The Public Web Bookings feature is similar to the Public Booking Request feature, but allows your customers to make direct bookings online (rather than just booking “requests”). They can also pay for their bookings directly at time of booking.
The Public Booking/Request features may be enabled via MIDAS Admin Options → Manage MIDAS → Public.
5. Allow clients to pay their invoices online
If you use the extensive Invoicing capabilities of MIDAS, how do you clients normally pay you? If it’s by physical cash, did you know that MIDAS supports online invoice payments?
Allow customers to pay their invoices online
This feature may be enabled via MIDAS Admin Options → Manage MIDAS → Invoicing → Online Payments.
MIDAS allows you to edit and customize a wide variety of “templates”.
These templates may be customized via MIDAS Admin Options → Manage MIDAS → Templates.
Customizable Templates in MIDAS
Here’s a few useful templates to highlight:
The “Welcome Note” template can be used to provide information or a custom message to users on their MIDAS login screens. This is a great way to let your staff know of any important changes.
The “Public: Web Requests” and “Public: Web Booking” templates can be used to provide information or updates to your customers on Public Booking/Request screens.
The “Email: Booking Reminder” template can be used to include important information for your customers in advance of their next visit. For instance, if they are required to wear a face covering/mask on your premises, you could let them know via email before their bookings take place.
You can enable and configure how far in advance Booking Reminder email notifications are sent to customers via MIDAS Admin Options → Manage MIDAS → Scheduled Tasks.
No technology is perfect, but here at MIDAS we believe that working with skilled security researchers across the globe is crucial in helping identify potential weaknesses in our software and infrastructure.
That’s why this week, we’re pleased to launch our new dedicated Security Center at security.midas.network
From this dedicated portal, you can …
Report a Security Concern or Vulnerability
We work alongside researchers who responsibly disclose security issues, to address such concerns and vulnerabilities in a timely manner. Our Reporting Guidelines page offers guidance for security researchers wishing to raise a concern with us.
Contact our Security Team
Our security contact page provides methods of getting in direct contact with our security team to raise a security concern in our software or infrastructure.
Read the latest Security Advisories
If a serious concern within our software or infrastructure is identified, we may issue a “Security Advisory” containing advice for customers and end-users. We will publish Active Security Advisories here: security.midas.network/advisories.
View our latest Security Audits
As part of our transparent approach to security, we’ve included a “Security Audits” section in our Security Center. Here you’ll find reports and results from both internal and external security audits on our software and infrastructure.
View our Security Changelog
Until now, we’ve been publishing two “change logs” (or “Release Notes”). One for significant major updates to our software, at mid.as/changelog. The other details interim “bug fix” updates, and may be found at mid.as/updates.
Avid readers of these change logs may notice on occasion the entry “Security Enhancements“. These are improvements we make to the security of our software, but which we typically don’t publish details of.
However, more information on these “Security Enhancements” will now be published in the Security Changelog in our Security Center. The log will also include details of security updates and improvements to our network and server infrastructure too.
View our Security “Hall of Fame”
We appreciate the time and effort that security researchers contribute. So we’ve set up a “Credits” page where we gratefully acknowledge and thank those who help keep MIDAS and our users safe.
If you’ve been following our blog in recent weeks, then you’ll know that we’ve been busy during the UK lockdown. We’ve been hard at work at our next update to MIDAS v4.25, which is out now! For this update we’ve added dozens of new features and improvements, which we’re really excited about!
Self-Hosted customers with active Support Subscriptions will be able to update to v4.25 in the coming weeks. It only takes a couple of clicks – simply log in to your MIDAS system and go to MIDAS Admin Options → Manage MIDAS → Update.
If no update is available, please check back again in a few days time, as we are staggering updates for self-hosted customers over the next few weeks.
“Cloud Hosted” Customers:
Cloud-Hosted customers don’t need to do anything! – All our active Cloud-Hosted MIDAS customers were automatically updated to this latest version of MIDAS this past weekend (4-5th July)
Important Information For Existing Customers Regarding Invoicing in v4.25
We’ve made some changes to invoicing in MIDAS for v4.25, and we’d like to draw your attention to one specific change;
If you’ve previously manually created or modified invoices in your MIDAS system, and in doing so altered totals with the auto-recalculation option disabled, then your previous invoices may look slightly different after being updated to v4.25.
You may see the addition of balancing items or balancing credits listed on previous invoices. These may be added in some instances to ensure that the items appearing on each invoice match the invoice’s total.
If you have invoices where you’ve modified line totals without allowing MIDAS to correctly recalculate the grand total, and you wish to retain these invoices their current state (without balancing items/credits being applied), we suggest that you print these invoices prior to updating to v4.25.
It is important to note however that the presence of balancing items or credits on previous invoices will not affect an invoice’s total.
Should you have any questions or concerns in this regard, please don’t hesitate to reach out to us, and we’d be happy to help!
Thank you for your continued support of our software during this unprecedented period of global uncertainty. Please remember that if you’re an existing customer affected by the current situation, we’re here to support you!
