What’s New
This release introduces a major set of security and access management enhancements designed to strengthen account protection, improve user authentication controls, and reduce the risk of unauthorized access. The updates focus on securing login activities, improving password management practices, and providing additional verification layers for sensitive account access. These improvements help organizations maintain stronger security standards while delivering a safer and more reliable user experience.
December 3, 2025
1. Enhanced Account Lockout Protection for Failed Login Attempts A new account lockout policy has been implemented to automatically protect user accounts after multiple unsuccessful login attempts. This enhancement helps prevent unauthorized access attempts such as brute-force attacks by temporarily restricting repeated failed sign-in activities. Users and administrators now benefit from improved account security while reducing the risk of compromised credentials. The enhancement also provides better visibility and control over suspicious login behavior, helping organizations strengthen overall access security.
2. Improved Forgot Password Process with Stronger Security Controls The Forgot Password workflow has been enhanced to provide a more secure and user-controlled password recovery experience. Additional validation and security checks have been introduced to help ensure that password reset requests are legitimate and protected against misuse. These improvements reduce the risk of unauthorized password changes while making the recovery process clearer and more reliable for users. The updated flow also improves confidence in account recovery without compromising usability.
3. Prevention of Weak and Common Password Usage
The system now restricts the use of commonly used and high-risk passwords during password creation or updates. This enhancement helps users create stronger credentials that are less vulnerable to guessing attacks and credential-based security breaches.
By enforcing better password standards, organizations can significantly improve account protection and reduce the likelihood of compromised user accounts. The update encourages stronger security practices across all users while maintaining a simple password setup experience.
4. Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) has been introduced for QCA to provide an additional layer of account security during login. Users are now required to complete a secondary verification step, helping ensure that only authorized individuals can access the platform even if passwords are compromised.
This enhancement strengthens protection for sensitive business data and improves compliance with modern security best practices. The MFA implementation also helps reduce risks associated with stolen or reused credentials see more..
5. Controlled Session Logout Limit with 24-Hour Maximum Duration The system now enforces a maximum logout interval limit of 24 hours to improve session security and reduce prolonged inactive access. This enhancement ensures that user sessions automatically expire within a controlled timeframe, minimizing the risk of unauthorized access from unattended or shared devices. By limiting extended session durations, organizations gain better control over account activity and access management. The update helps maintain a balance between user convenience and stronger security protection standards. see more..
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article
