There have been some recent large-scale security breaches at popular retailers here in the United States where millions of records of personal data and even credit card numbers have been stolen. Team SoftwareKey takes security very seriously. We are excited to announce several new security enhancements that we will soon be rolling out in SOLO Server, starting with build 188.8.131.52.
We understand that many of our customers have unique ways of interfacing with SOLO Server and their customers. It is important to first understand a little history of SOLO Server and the need for these security enhancements. To perform an online activation, the end-user needs to enter a License ID and Password. In early versions of SOLO Server, the software publisher was able to generate unique, random passwords for every customer when adding the license.
When we added the self-service features of our eCommerce and customer license portal, customers were given the option to set or change their password. Though best practices dictate using a unique password for every web site or service, it is quite common for people to reuse the same password across multiple web sites. This can lead to a security risk, because if a password from one site is compromised, then accounts on other web sites could potentially be compromised as well.
The first step we took to address security concerns was to ask the customer to choose a unique password, and we even offered a link to generate a randomized password when creating an account through the shopping cart. To drive the point home, we even warned the customer that support personnel would be able to see the password that was entered. This feature was published in 2013. We found that customers disregarded this warning.
Starting in SOLO Server build 184.108.40.206, we stopped displaying the customer password on the default order transaction receipt page and in the transaction receipt email. Instead of displaying the password, these receipts include a link to recover the password by email. If you are using a custom invoice template or for some reason need to have the password displayed on the transaction receipts (not recommended), please open a support ticket.
Even though we do give customers the option to use a random password generation feature during shopping cart checkout, we wanted to take further steps to ensure additional security in case they do not choose to use a unique password. In an effort to minimize the exposure of customer passwords in SOLO Server, we have made several changes:
We acknowledge that these changes may cause inefficiencies. We hope that you agree that these security enhancements are important to avoid any potential data breaches, even if they require a few extra steps by the customer or your staff.
If you experience any issues with the passwords, including when using web services calls, please let us know. More information will be provided soon on any necessary adjustment due to these security enhancements.
Mike Wozniak is one of the co-founders of SoftwareKey.com and is responsible for marketing, content and product strategy. When he isn't plotting new ways to help customers solve licensing and business automation challenges, he likes to travel and entertain guests who come to visit the Orlando area. He also writes most of the licensing tips here.