4.8 Release Notes

Released 21 June 2019

Release Highlights

Status	Description	Product
FEATURE	Password Policy & Usability Enhancements	PLATFORM
FEATURE	Password Strength Indicator	PLATFORM
FEATURE	Remove Confirm Password Field	PLATFORM
FEATURE	IATA Resolution 830d Email & Mobile Messaging	PLATFORM
FEATURE	Care - Consultant Desktop	PLATFORM
FEATURE	WCAG 2.0 Accessibility Enhancements - Level AA	PLATFORM
FEATURE	Credits Expiry Notification Email	PLATFORM
Platform Administration
FEATURE	Emulate User Login Functionality	PLATFORM
FEATURE	Traveller Sync History XML Viewer	PLATFORM
FEATURE	Login History	PLATFORM
FEATURE	Profile - Gender Display Options Configurable	PLATFORM
BUG FIX	Add Credit Card Expiry Year - iPad Selection Issue	PLATFORM
BUG FIX	Passport Middle Name Not Saving if Blank (manual entry)	PLATFORM
BUG FIX	Incorrect Description in Approver Update	PLATFORM
BUG FIX	Login History API Error	PLATFORM

Password Policy & Usability Enhancements

When required to create complex passwords, users tend to do the minimum, thereby resulting in a weaker password that can be more easily hacked. Based on the latest recommendations to come out of the National Institute for Standards and Technology (NIST), changes have been made to the Travel Platform password policy to achieve a better balance between password quality and user experience.

The NIST recommends, among other things for passwords:

never expire
no required character complexity or variety rules to be implemented
the minimum length for passwords be set to 8 characters
the maximum length for passwords be set to 64 characters
passwords be checked against known bad passwords, banned lists, etc.

Based on these recommendations and considering that passwords must be hashed and salted when stored (which converts them to a fixed-length representation), there should not be unnecessary restrictions on length in the travel platform.

The Travel Platform has implemented the above recommendations as part of this release in addition to a new password strength estimator.

NIST password guidelines have been used by many government institutions and federal agencies,
businesses, and universities for more than a decade.

Password Strength Indicator

Password strength meters are an important tool to help users choose stronger passwords. Using a popular algorithm developed by Dropbox, our new password strength meter alleviates the need for convoluted password complexity rules and will now favour length over complexity.

Based on the latest research and recommendations from NIST the only requirement is a minimum of 8 characters and sufficient password strength.

The above examples show the new Travel Platform’s strength meter encouraging stronger password selection by providing intuitive tips and suggestions.

Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US/AU census data, popular English words from Wikipedia and US/AU television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.

Remove Confirm Password Field

Confirm Password has now been removed from the password reset form and change password form which makes for a simpler and more convenient user experience, particularly on mobile keyboards.

To assist with users incorrectly typing in passwords, a new feature has been added into the password control allowing the user to toggle password masking on/off. By default, when viewing via a desktop the password field is always masked.

A Show or Hide toggle is shown inside the password field, allowing the password entered to be displayed onscreen.

IATA Resolution 830d Email & Mobile Messaging

With the recent introduction of IATA Resolution 830d, Kudos incorporated a new hover message box in the profile email and mobile phone fields advising the importance of this information. From 1st June 2019, all IATA-accredited agents will be required to provide airlines with customer contact information, so that the airline may contact the passenger during an operational disruption.

Email and Mobile Phone fields are already mandatory within Profiles. This new messaging will reinforce the importance of entering accurate data to prevent passengers from being disadvantaged during their travels.

Care - Consultant Desktop

Care was previously available as a Dashboard Widget for Travel Consultants (TAM). This release now makes this option available in the Navigation Panel, providing consultants with easy access to client traveller tracking and real-time destination risk information.

WCAG 2.0 Accessibility Enhancements

Web Content Accessibility Guidelines (WCAG) is the global standard in digital accessibility guidelines. It enables all organizations to measure the accessibility of content, sites, and apps against documented success criteria for all people, including those with disabilities.

WCAG 2.0 Guidelines are categorised into three levels of conformance in order to meet the needs of different groups and different situations: A (lowest), AA (mid-range), and AAA (highest). Conformance at higher levels indicates conformance at lower levels.

The 4.8 Release had the Travel Platform undertake a full WCAG accessibility audit that resulted in a remediation strategy that saw all requirements implemented in order to achieve Level AA conformance.

Platform Administration

Emulate User Login Functionality

To assist Travel Agencies and the support of their clients, this new Kudos Administration feature allows a 1-click login to any accessible (active) profile directly into their Travel Platform.

Use the Travellers menu option and search for the profile required.
Select the Login icon associated with the user profile to be logged in automatically to the Travel Platform as the user.

After authenticating the selected profile, a new window will open with the Travel Platform logged in under that user’s credential.

Traveller Sync History XML Viewer

To allow travel agencies the ability to self-help and troubleshoot, transparency with Profile sync for any active Inbound or Outbound service has been added.

Use the Travellers menu option and search for the profile required.
Select the user’s profile (e.g. traveller) required, as seen in the following example.
- The Personal Details section will be displayed by default.

Select the Third Party Integrations section to display the available (active) sync services, as seen in the following example.

To obtain details of the full request payload for a specific Profile Sync (e.g. Amadeus GDS), select the + symbol followed by the XML icon associated with the data send or received.

The data (XML) sent or received will be displayed. The following example is data sent for the traveller of the selected sync service (Amadeus GDS).

Profiles - Gender Display Options Configurable

Gender Diversity was added to the Travel Platform in 4.7 with a new Diverse gender option appearing in both the main profile and in the traveller’s passports section. To provide each client with additional flexibility in how they display profile gender, this latest release provides new configuration options in Kudos Administration.

Field

Description

Show Profile Gender

Default value is no.

Allows Gender options i.e. Male, Female and Diverse (if enabled) to be an available field for selection in the profile (e.g. Traveller, Travel Arranger).

It is recommended to have this field enabled (yes) with the title in a booking (PNR) used by suppliers and vendors (e.g. airline) to assist in communications with passengers and to names that match (e.g. Smith/Alex).

Enable Diverse Gender

Default value is no.

If set to yes, it will allow the Diverse (non-binary) gender option to be included as a selection option in the profile (e.g. Traveller, Travel Arranger).
Client’s using some OBTs that do not support this (e.g. Serko) are recommended to set this field to no.

Refer to Profiles - Diverse Gender for more information.

If Show Profile Gender = no it will be removed from the main profile, as shown in the following example.

• By default, Gender exists both on the main profile and in the Passports section
• If a Passport exists, the Passport gender always takes precedence
• In the case of no Passport, the main profile’s Gender will be used
• If Gender is hidden from the main profile and there is no Passport, it will be null (blank).

Not all downstream systems support optional genders. Clients should consult with Kudos Travel Technology to ensure no adverse effects before choosing to hide gender on the main profile.

Login History

When expanding a traveller's Login History, the external API call was failing due to changes in the service functionality. This has now been updated to accommodate these changes and correctly process the User-Agent string for the login and return detailed information about the browser, device, and operating system used, as seen in the following example.