The following is a round-up of upcoming security improvements and changes to the Echo platform. Please note the Planned Release dates.
Changing how session security works when a password is updated
Planned change: When a user's password is changed, any current sessions where that user is authenticated using the previous password will become inactive, and the user will have to log in again with the new password.
Planned release: April 22, 2021
- If a user changes their own password and is using one browser, they will continue to be able to use Echo without having to sign in again as long as it is the same browser session.
- If a user changes their own password and is using multiple browsers, they will continue to be able to use Echo without having to sign in again in the browser session where they made the change. However, they will have to sign in with the new password in the other browser(s).
- If an admin changes a user's password while the user is using Echo, the user will have to sign in again with the new password.
Reason for change: This change will prevent an unauthorized user from sustaining access to an account by keeping the browser session active. Instead, the unauthorized user would be logged out after the password was changed.
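The three cases above can be modeled with a per-user credential version that each session must match. This is an added illustration, not Echo's implementation; the SessionStore class, its method names and the user "student1" are assumptions made for the example.

```python
import secrets

class SessionStore:
    """In-memory model: each session records the credential version it was issued under."""

    def __init__(self):
        self.cred_version = {}   # user -> int, bumped on every password change
        self.sessions = {}       # token -> (user, credential version at login)

    def login(self, user):
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (user, self.cred_version.setdefault(user, 0))
        return token

    def is_active(self, token):
        entry = self.sessions.get(token)
        if entry is None:
            return False
        user, version = entry
        return version == self.cred_version[user]

    def change_password(self, user, acting_token=None):
        """Bump the version; only the session that made the change is carried over.
        acting_token is None when an admin changes the password for the user."""
        keep = None
        if acting_token is not None and self.is_active(acting_token):
            if self.sessions[acting_token][0] == user:
                keep = acting_token
        self.cred_version[user] = self.cred_version.get(user, 0) + 1
        if keep:
            self.sessions[keep] = (user, self.cred_version[user])


def demo():
    store = SessionStore()
    # Constructed scenario: one user signed in from two browsers.
    a = store.login("student1")
    b = store.login("student1")
    store.change_password("student1", acting_token=a)   # user changes own password in browser A
    after_self = (store.is_active(a), store.is_active(b))
    c = store.login("student1")                         # browser B signs in again
    store.change_password("student1")                   # admin change: no acting session
    after_admin = (store.is_active(a), store.is_active(c))
    return after_self, after_admin

if __name__ == "__main__":
    print(demo())
```

Because every request re-checks the version, a session opened with the old password stops working on its next request without the server having to enumerate and delete sessions.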
Blocking messages to unverified accounts
Planned change: With sufficient notice, Echo will begin blocking messages for unverified emails and phone numbers.
Planned release: TBD
Current status: Users can now verify their email addresses and phone numbers in the User menu > Settings controls. Where possible, Echo Administrators should encourage users to verify their information. A banner appears above the Echo toolbar prompting users to verify their information. They can click Settings to jump to user settings, or open their User menu and select Settings.
The banner can be enabled/disabled by Echo Support. If your users do not currently see the banner and you would like them to, please reach out to Echo Support to enable the banner message.
Reason for change: By verifying users' email addresses and phone numbers, we are preventing communications and notifications from being sent to the wrong email or phone number. This protects potentially sensitive information from being shared and prevents an unintended recipient from getting unwanted email and notifications from the system.
Changing 'Mail From:' COMPLETED
Planned change: The Mail From: domain will be changed from amazonses.com to buzz-mail.agilix.com. When messages are sent from Echo there is a Mail From field and From field. Mail From will be changing; From will continue to be email@example.com.
Planned release: April 29, 2021
This change impacts: Echo users hosted by Agilix at <schooldomain>.echo-ntn.org or a custom URL with an API address of api.agilixbuzz.com.
Reason for change: When messages are sent from Echo, there is a Mail From field and From field. The Mail From field is generally hidden in the email header and not normally visible to teachers or students, but is used by some school email systems to block undesirable e-mail. Because amazonses.com is used by thousands of other websites, technology departments have been hesitant to allow email from this domain to pass through the filter. This can prevent teachers and students from using Echo's communication tools. Having a custom Mail From domain that is used specifically for Buzz apps like Echo will allow schools to open the door for emails from Echo while still preventing emails from other web sites.
Important Next Steps
If your email system restricts the domains that are allowed to message your students and teachers using the Mail From field:
- Add buzz-mail.agilix.com as an authorized sender to your email filter.
- After April 29, you can remove the amazonses.com domain from your security rules.
Echo is constantly being improved based on the feedback from users and we strive to keep our documentation up to date. If this document doesn’t match what you are seeing in Echo, please let us know.