If you follow our blog, then you’ll know we’ve been busy putting the finishing touches to the next update to MIDAS. Whilst each new version of our world class room booking and resource scheduling software includes exciting new and improved features and functionality, we’re also proactively committed to providing a secure scheduling solution for your organization.

To that end, MIDAS v4.13 includes a number of security enhancements which we’ll explain below…

15-Point Security Audit

We’re including an on-demand security audit with v4.13. Administrators may access this audit via MIDAS Admin Options → Manage MIDAS → Security. When run, the audit will test a number of key metrics of your MIDAS system. This includes your MySQL setup, MIDAS files, and recommended MIDAS settings. A detailed report is generated with appropriate advisories for improving and hardening the security of your MIDAS system:
15-Point Security Audit

Password “Block list”

MIDAS v4.13 includes a list of passwords that are considered “banned”. Banned passwords cannot be used by users when setting a new password or changing an existing password. By default, the block list contains the Top 1000 most common passwords of 2016. Passwords such as “123456”, “password”, “qwerty”, etc are included.

For our self-hosted customers, the list of banned passwords is also editable allowing you to add/remove banned passwords. You’ll find this within within the a file named “bannedpw.dat” within your MIDAS installation.

Improved clean-up of Temporary Logs

MIDAS has included a “Keep temporary logs for x days” setting for many years. This setting has previously defined how long entries persist in the “Recent Activity” log (an audit log which records all user activity within MIDAS). For v4.13 we’ve extended the functionality of this setting to also cover the persistence of log files which MIDAS may create from time to time. For instance, a log file is created if there are issues upgrading MIDAS from a previous version, or issues when importing data from another application, or when logging of API calls is enabled, etc. Whilst these log files would be retained until manually removed, the “Keep temporary logs for x days” setting will now ensure that these files are also removed after a specific period of time.

“Minimum” Minimum Password Length

MIDAS has also included a “Minimum password length” setting since its inception. This setting allowed administrators to set a minimum password length for all user passwords. Starting with v4.13 it will no longer be possible to set this value less than 5 characters.

Password Strength Indicator

Password Strength IndicatorOur password strength indicator has been a feature for administrators creating new user accounts since v4.07. For v4.13, we’ve also made this useful visual indicator available whenever an end-users changes their password. The visual indicator classifies the password as either “Very Weak”, “Weak”, “Fair”, “Good” or “Strong” as you type, with a corresponding color to match (i.e. Red = Very Weak, Orange = Fair, Green = Strong). This classification is based upon a number of factors including the length of the password, the presence of upper and lower case letters as well as numbers and special characters, and whether the password has been banned.
We hope the addition of this visual indicator for end-users will help promote the use of strong passwords.

MIDAS v4.13 is expected to be made available to Beta Testers in the next few weeks, with a general release shortly after. We’re always looking for additional testers to help test and provide feedback/bug reports on pre-release versions of our software, like v4.13. Becoming a tester is free and no experience is required, and what’s more we’ll reward you for your participation! Find out more about becoming a MIDAS Beta Tester here.

If you would like to be notified when v4.13 is fully released, then why not join our Mailing List?