Password Management and Requirements¶
This page covers how to manage login attempts, password requirements, and user credentials in Evergiving, ensuring compliance with security best practices and PCI DSS requirements.
How can I reset my password?¶
The system is requesting I update my password¶
If you are an Admin user or an Agent, you must update your password every 90 days. Upon login, the system will prompt you to configure a new password.
Please note that when updating your password, Evergiving does not ask for a confirmation for the new password. You must enter your existing password followed by the new password.¶
- In the first field, enter your current password
- In the second field, enter your new password (usual password requirements apply)
You have 120 seconds to enter a new valid password.
If your password is rejected, please check that:
- You have entered your current password in the first field
- Your new password meets the password requirements
I lost my password¶
If you have lost your password, or wish to update your current password because it's been compromised, navigate to the Evergiving login page and click on the “Forgot your password?” link below the sign-in button.
On the next screen you will be prompted to enter your Evergiving username. Click on the "Send Me Instructions" button.
An email with a reset link will be sent to the email address attached to your username. Please check your spam folder.
If you don't receive the email with the reset link, please check:
- That you have entered your Evergiving username in the field
- Your spam folder
Click on the link to reset your password. The usual password requirements apply.
Logins¶
How Many Login Attempts Are Allowed Before a User's Account Is Locked?¶
- Users will be locked out of Evergiving for 30 minutes after 6 consecutive incorrect password attempts.
- A warning is issued after the 5th incorrect attempt.
- The system does not reset the incorrect attempt count unless a correct login occurs, meaning spread-out incorrect attempts will still lead to a lockout on the 6th failed attempt.
- Once locked, no actions, such as updating passwords, can unlock the account until the 30-minute lockout period has expired.
Tip: On the 5th attempt, it's best to use the password reset option to avoid being locked out.
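The lockout rules above can be modelled as a small state machine. This is an added example, not Evergiving's code: all names are hypothetical, and it assumes the failure count starts again once a lockout has expired, which the page does not state.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_FAILURES = 6                       # lockout on the 6th incorrect attempt
WARN_AT = 5                            # warning after the 5th incorrect attempt
LOCKOUT = timedelta(minutes=30)

@dataclass
class AccountState:
    failures: int = 0                  # never decays with time
    locked_until: Optional[datetime] = None

def is_locked(state, now):
    return state.locked_until is not None and now < state.locked_until

def attempt_login(state, password_ok, now):
    """Apply one login attempt; return 'locked', 'ok', 'warning' or 'failed'."""
    if is_locked(state, now):
        return "locked"                # even a correct password is refused
    if state.locked_until is not None:
        # Assumption: the count starts again once the lockout has expired.
        state.failures, state.locked_until = 0, None
    if password_ok:
        state.failures = 0             # only a correct login resets the count
        return "ok"
    state.failures += 1
    if state.failures >= MAX_FAILURES:
        state.locked_until = now + LOCKOUT
        return "locked"
    return "warning" if state.failures == WARN_AT else "failed"

def reset_password(state, now):
    """A reset leaves the lockout untouched; True if login is possible afterwards."""
    return not is_locked(state, now)

def demo():
    """Constructed scenario: six wrong passwords, spread out one per day."""
    state, t0 = AccountState(), datetime(2024, 1, 1, 9, 0)
    results = [attempt_login(state, False, t0 + timedelta(days=d)) for d in range(6)]
    locked_at = t0 + timedelta(days=5)
    results.append(reset_password(state, locked_at + timedelta(minutes=10)))
    results.append(attempt_login(state, True, locked_at + timedelta(minutes=29)))
    results.append(attempt_login(state, True, locked_at + timedelta(minutes=30)))
    return results

if __name__ == "__main__":
    print(demo())
```

Because the count has no time window, the six failures in the scenario lock the account even though they are a day apart, and neither a reset nor a correct password gets through until the 30 minutes are over.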
How can I unlock my account?¶
Nothing and no one, not even the Evergiving support team, can unlock an account until the 30-minute lockout period has expired.
Please wait until the 30-minute lockout period has expired and reset your password using the "Forgot My Password" link.
Why Is My Account Locked?¶
A common reason for account lockout is multiple users sharing the same login credentials. This is not only a security risk but also a violation of PCI requirements. Each user should have their own unique login to ensure:
- Accountability for actions taken in the system
- Clear audit trails in the logs
- Prevention of system-wide lockouts due to shared credentials
To solve this, create separate user accounts for each person who needs access to the system. Admins can do this via the Users page in the Admin panel of Evergiving.
Passwords¶
Individual Accounts¶
Each user must have a unique login for security, auditability, and compliance reasons. The main reasons for using individual accounts include:
- PCI DSS compliance.
- Best practice for data security.
- Avoiding system-wide lockouts when a shared login fails.
- Maintaining clear audit trails of changes made to pledges and accounts.
Password Requirements¶
Passwords must meet the following criteria:
- Admin Users and Agents:
  - Minimum of 12 characters.
  - Must include both numeric and alphabetic characters.
  - Changed every 90 days.
  - Cannot reuse the previous 4 passwords.
- Fundraisers and Campaign Managers:
  - Minimum of 6 characters.
Additional Recommendations for User Account Management¶
To enhance account security, we recommend incorporating the following practices, particularly for organizations under PCI compliance:
- Assign unique logins to all users (no sharing).
- Implement policies for adding, deleting, and modifying user accounts.
- Immediately revoke access for terminated users.
- If you believe your password has been compromised, reset it immediately.