Take a minute to consider the sensitive, personal information stored in your church's Planning Center account. You have people's donation records, background checks, medical notes, prayer requests; and if you use Check-Ins, children's regular times and locations.
We do a lot to protect this precious data behind the scenes. In the coming months, we'll be releasing some security features to help you protect it even more.
The first of these features have to do with the proverbial keys to the kingdom: passwords.
Compromised Password Checking
Over the years, more than 430 companies have suffered major data breaches, including LinkedIn, Dropbox, Evite, Yahoo!, Kickstarter, Ticketfly, MySpace, Equifax, and Zynga (remember Words With Friends?). In total, over 100 million email and password combinations were stolen.
With every breach that occurs, hackers compile these stolen credentials into giant lists that are freely available on the internet. That’s a big problem because attackers know that people use the same email and password combination for popular websites: Gmail, iCloud, Facebook...and Planning Center.
It’s like a big box of stolen keys. Grab a key and try some locks!
To address this vulnerability, we built a system that safely checks your email and password combination against publicly available lists of compromised passwords. If there’s a match, we’ll immediately ask you to reset your Planning Center password.
On this page, you can quickly reset your password with minimal fuss. At the bottom, there are some FAQs for curious and potentially alarmed readers.
As more companies continue to suffer data breaches, these public lists of stolen passwords are always growing. So, we’ll perform this check each and every time you and your staff log into Planning Center.
Passwords Strength Checking
To help you determine password strength, we added a password strength checker for when you create a new login or reset your password. Here it is in action:
Most password checkers are awful. They work by enforcing rules about the types of characters in your password (numbers, capital letters, spaces, special characters, etc). They'll tell you a password like 1234Abcd# is strong (it's not) while a password like Penguins and horses love church! is weak (it's actually great).
Instead of hard rules about what kinds of characters are required, this strength checker is driven by algorithms that evaluate a password’s real-world strength. It doesn’t care what kinds of characters you use. It only cares that it’s not easily guessable or quickly cracked.
More Security Features to Come
There are more security features in development that build on this work. With each update, we’ll aim to strike a balance between convenience and safety for anyone who logs into your church’s Planning Center account.
Thank you for entrusting us to secure your database. Many of us use Planning Center at our own churches and our friends and families rely on the same system you do. It’s a responsibility we take seriously each and every day.