In an effort to provide greater clarification for our upcoming security enhancement, effective Monday, November 4th, 2019, users of TazWorks system must access the site directly, and not through a marketing site or internal page. This change is expected to only affect roughly 3% of logins. For those affected, you will be required to discontinue the use of custom login forms for access to InstaScreen. Those using custom forms will instead need to provide a direct link to their respective InstaScreen Login page.
There are multiple ways to verify that the page will NOT be impacted:
- Navigate to the login page and verify the URL ends with /sso/login/taz
- The domain does not change after you login
- Has the Privacy Policy icon shown up on your login page recently? (You may need to disable ad blockers to see this)
Additional Q&A:
Q: I’m using a vanity domain or affiliate site hosted by TazWorks, do I need to make a change?
A: No
Q: I’m using a domain that ends with instascreen.net, what do I need to do?
A: Nothing
Q: Why on earth are you doing this!?
A: As you may be aware by monitoring your own website logs, attacks have been increasing drastically in both frequency and sophistication.
We fully understand your frustration and appreciate your concern with security changes. TazWorks security has detected a constant increase in the number of malware and bad bots attempting to access the system.
The additional security we have added uses reCAPTCHA V3 from Google to detect suspicious login traffic. Suspicious logins are then required to complete a second step (MFA) to protect against session hijacking malware and credential stuffing. This enhanced security requires additional logic and code on the login page that submits the login credentials.
When an end user’s machine becomes infected with malware, MFA tokens stored in the browser are not sufficient to protect user accounts.
For any additional concerns or questions, reach out to [email protected]