We recently finalized and posted our latest build of SOLO Server: 1.15.2.1. Although there are many small changes, improvements and fixes in this release as outlined in the full release notes, there are two main enhancements of interest in this release.
Introduction of the Activation Password field
In a previous blog post, we outlined in Phase 3 our plans to remove the customer password from the SOLO Server administration interface to improve the overall security of the system and the customer data contained within. After talking to customers and giving careful thought to this design, we determined that it was necessary to provide an easy way for SOLO Server administrators and customer service representatives to view the password required for software activation without exposing the ability to see the customer’s password that was used for the shopping cart and customer license portal.
In this release of SOLO Server:
- Previously the Customer Password was removed from the shopping cart transaction receipts and replaced with a “Forgot Password” link. Now everyone will see a new Activation Password field on the License Details page, Customer License Portal, and shopping cart transaction receipts.
- For all License records, the Activation Password will be a randomized string of alphanumeric characters without using confusing characters such as 1, 0, I, O.
- End-users (or your customers) will be able to activate software with either the Activation Password or their previously established Customer Password (previously listed as just “Password”), which means that previous credentials will continue to work.
- We will be hiding the Customer Password from the administration interface and all reports and replacing this value with the Activation Password.
- Any mailing templates that use the search/replace variable [varPassword] will need to be updated to use [varActivationPassword]. This also applies to the Order Confirm HTML and Customer License Portal HTML fields. The [varPassword] search/replace variable will continue to work for the time being.
- Customers will be able to log into the Customer License Portal and Shopping Cart using their Customer Password but not the Activation Password.
We understand that some changes like this create confusion. However, we feel confident that these changes were necessary and the introduction of the Activation Password feature has additional benefits, such as:
- Software distributors can purchase licenses on behalf of their customers and provide software license activation information without sharing their main account password.
- A Customer who purchases multiple software licenses under the same account will have more randomness between licenses, and IT administrators will not need to share the main account password in order to activate software licenses.
- End users who have the Activation Password but not the Customer Password will not be able to log in to see all of the other licenses assigned under the same account.
Additional updates to the Activation Password were completed in the next release of SOLO Server. View the SOLO Server 1.15.2.2 Released blog post for more information.
New Software Deactivation Option – Ban versus Deactivate
When a customer successfully activates with a license, each installation can be assigned a unique Installation ID, and there are multiple ways that an Installation can be deactivated or banned. When the customer chooses to deactivate an Installation through the Customer License Portal or inside of the software application, they have always been allowed to re-activate the software on the same computer. However, when an administrator deactivated an Installation from the activation history in the SOLO Server administrative interface, a warning message appeared that you were banning or blocking this computer from activating with this license in the future on the same computer. Early feedback from customers showed that they wanted to be able to prohibit the same computer from activating again. The thought process was the fact that deactivating an Installation would increment the Activations Left parameter for that License ID, allowing a different computer to activate. The administrator always had the ability to reactivate a deactivated/banned Installation through the administrator interface.
In this latest release of SOLO Server, however, administrators are given the option to either ban or simply deactivate the Installation ID when using the SOLO Server author interface. Clicking the Red X in the activation history for an Installation ID will display a message similar to:
“Do you want to deactivate or ban InstallationID “93832-ABCDE-82YFM-123454-UP5D3-Z”? Banning an installation will permanently prevent future activation on the computer.”
[Deactivate] [Ban] [Cancel]
Clicking Deactivate will allow the same computer to activate under the same License ID. Clicking Ban will prohibit this computer from activating under this same License ID.
Feel free to contact us with any questions you have.
Awesome changes!
I find myself very confused after reading thru this. I don’t know what “main account password”, “everyone” who can see passwords, etc. We manually generate ID and passwords and give them to the end user to activate their software. The simple question that I can’t answer from the article is: Which password is to be given to the end user when they purchase software from us and we have manually generated Customer ID and Passwords?
Hello Phil – the “main account password” is the Password field on the Customer Details screen. Depending on how the Customer record is added into SOLO Server will determine how this value gets its initial value. For example, end users who make a purchase online through the shopping cart will choose their password, while if you are adding records, this could possibly be set by you or randomized by the system.
You should see a new Activation Password on the License Details page, and this should be given to the customer to activate the software. For backward compatibility, end users can activate with the new Activation Password or their previously given or current value of the Customer Password.
Going forward, we will be making some additional changes in SOLO Server so that only randomized passwords will be displayed to administrators like yourself. Once an end user changes the password, it will be securely hashed and unavailable to anyone but the end user through a password reset mechanism using their registered email address.
I hope this clarifies things for you and everyone else. Let us know if you have further questions.
Mike – Thanks, that does clarify things. I guess there are all kinds of
features we didn’t know about. Sounds like the end users can log into
some sort of webpage and change passwords. Is this true for
manually-generated passwords we create, or only for purchases thru the
SoftwareKey shopping cart system? With the new changes, if they call
and complain they can’t activate the software, we won’t be able to tell
them for sure what their password is? I’m having trouble seeing how our
Tech Support person can help with activation issues if the password is
hidden from us…. (Though I think it’s probably nice for the end user
to be able to keep their password secure)
Hi Phil,
To help customers activate software, your support reps will be able to provide the Activation Password, found on the License Details page.
To help customers log into the Customer License Portal, your support reps just need to make sure the customer’s email address is correct on the Customer Details page. They can then use the Forgot Password link on the login screen to go through a password reset process. We will be adding a button on the Customer Details page to tell the system to send out this email automatically.
To make it very easy for support staff to provide common instructions to your customers, you could create an Authors / Mailing template that contains predefined instructions along with search/replace variables and use this with the Email Customer button on the License Details page. In a few clicks, the instructions can be send to the customer.