Monday, February 28, 2011

Release 2011-02-28: Pareto Analysis

Scorecard Improvements

  • Added an optional Pareto analysis and Variance analysis to each process and metric review (on the Process Review screen).
  • "Tactic Assigned" and "Review Overdue" messages are now generated for process improvements and corrective actions as well as tactics.
  • Now everyone has access to the Load Metric screen (formerly only the Application Manager had access).  It works like the Batch Data Load screen except it only loads one metric at a time and it's designed to be used by cutting and pasting data directly from your spreadsheet into the system.  This makes it even easier for each metric reporter to enter their own data (and historical data too).  Look for the little blue load link next to your favorite (non-batch-loaded) metrics on the Business Unit screen.

Usability Improvements

  • Made Metric Subsets stickier - now editing a metric or updating a review leaves you in the subset you were in.  Editing a process or function or clicking something in the left-hand navigation still pops you out of the subset.
  • The subset name now appears at very top of the screen, making it more obvious and mirroring the way the Function View works.
  • Changed name of "Scorecards" and "Plans" section in left-hand navigation to "My Scorecards" and "My Plans" for clarity.
  • (Brief) message on each user's home page announces the new release.

Security Improvements

  • We now store each password using multiple rounds of SHA-512 hashing with unique salt for each user, which is currently state-of-the art for making passwords "unrecoverable."
  • This increases the maximum password length.  All alphabets of the Unicode Basic Multilingual Plane (BMP) are still supported in both the password and user ID (and every other field in the system).
  • We have also improved our password requirements (to encourage people to make better passwords), by adding several popular passwords to the list of reserved words and by prohibiting 4 or more of the same character in a row (e.g. 1111, AaAa, etc.).
  • To take advantage of the new storage you must change your password.
  • Ninety days after this release, anyone who hasn't changed their password yet will be forced to change it.
  • It is still each user's responsibility to use a unique password for every account, to make each password strong, unguessable, compliant with their organization's security guidelines, and to keep each password secret, never sharing it or their account with others for any reason.
  • PlanBase is continually looking for ways to improve security, not just password security.  PlanBase encourages people to use good passwords by having password requirements, by making helpful suggestions, and by storing passwords securely.  But even PlanBase cannot protect you against a hacker outright guessing your password (on the first try), or stealing a reused password from another site and using it to access this one.  Only you can choose a unique, unguessable password for each of your accounts and store them securely.  Please do your part to keep your account, your company, and PlanBase applications secure.

No comments: