Article Details
Id: 18781
Product: finPOWER Connect
Type: FIX
Version: 3.04.02
Opened: 22/07/2021
Closed: 11/11/2021
Released: 02/12/2021
Job: J027041

Portals; Security related messages updated

When opting to "Send Password Reset Link" from a Portal, the message shown to the Client or User indicated whether their email existed in the database, which would allow potential attackers to determine a valid email address.

The message would also indicate if the Client or User's account was locked out, inactive or did not have web access granted.

If any of the above conditions are met, the reset process will no longer fail.

Instead, the message displayed to the Client or User has been updated to the more ambiguous (and therefore more secure):

If a matching email was found, a Password Reset link will be sent to you.

This link is only valid for 10 minutes.

NOTE: If you do not receive this email, please check your Junk or Spam folders. Alternatively, it may mean that your account is inactive, locked out or has not been granted web access.
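
The change described above, sketched as an added example (not finPOWER Connect code): a reset handler that reports each failure reason beside one that always returns the same message. All names, the sample accounts and the wording of the old per-reason messages are constructed for illustration; only the generic message text comes from this article.

```python
from dataclasses import dataclass

# Message text as quoted in this article
GENERIC_MESSAGE = (
    "If a matching email was found, a Password Reset link will be sent to you."
)

@dataclass
class Account:  # hypothetical account record
    email: str
    active: bool = True
    locked_out: bool = False
    web_access: bool = True

# Constructed sample data
ACCOUNTS = {a.email: a for a in [
    Account("ok@example.com"),
    Account("locked@example.com", locked_out=True),
    Account("inactive@example.com", active=False),
    Account("noweb@example.com", web_access=False),
]}

def reset_before(email):
    """Old behaviour: one message per failure reason (wording constructed)."""
    acct = ACCOUNTS.get(email.strip().lower())
    if acct is None:
        return "Email address not found."
    if acct.locked_out:
        return "Account is locked out."
    if not acct.active:
        return "Account is inactive."
    if not acct.web_access:
        return "Account has not been granted web access."
    return "A Password Reset link has been sent."

def reset_after(email, outbox):
    """Fixed behaviour: same message for every outcome; reason is never returned."""
    acct = ACCOUNTS.get(email.strip().lower())
    eligible = bool(acct and acct.active and not acct.locked_out and acct.web_access)
    if eligible:
        outbox.append(acct.email)  # stand-in for queueing the reset email
    return GENERIC_MESSAGE

def distinct_responses(handler, emails):
    """How many different messages a caller can observe across a set of probes."""
    return len({handler(e) for e in emails})
```

The example compares message text only; response time and HTTP status should be equally uniform across all outcomes for the ambiguity to hold.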