How can I reset my organization's Double the Donation password?

How can I reset my organization's Double the Donation password?

Please note: Double the Donation provides matching gift tools directly to nonprofits to help nonprofits raise more money from employee matching gift programs. If you're an employee or retiree who works for a company with a matching gift program, you do not log into Double the Donation's service. You need to log into your employer's matching gift website.

If you're a nonprofit who does not subscribe to Double the Donation's service and are trying to verify a matching gift, you'll need to reach out directly to the company.

Resetting Your Password: You still have access to the email account associated with your user profile

You can reset your Double the Donation password by going to https://doublethedonation.com/members/login/, clicking on "Forgot password," and entering the email address that was used when your organization became a Double the Donation client.

Resetting Your Password: You do not have access to the email account associated with your user profile

If you no longer have access to that email address, you can take the following steps:

Option 1: The simplest way is to recommend that the new user get the credentials for the account by asking the former administrator of the account or asking the former administrator to add you as a new user on the account. 

Option 2: If you have access to an email address associated with another user profile in the account but don't know the password, reset the password here

Option 3: If the former admin on the account is no longer with the organization and/or the new user has no access to that email address, try the following:
  1. Contact your email administrator at your organization and request that they give you access to the former email address, or pass along a password reset email for the account.
  2. Consider setting up a catch-all account to help you retrieve emails sent to the email address; Your email administrator can assist with this. A catch-all account is an email address that collects all emails addressed to your domain, including email addresses unknown to the server. A catch-all account is useful for catching and storing emails addressed to misspelled recipients in a domain. After setting up the catch-all account, you can click reset your password. After resetting the password, sign in to your account with Double the Donation and then update the email address on the account to your current email address.
  3. Ask your colleagues to see if they were added as Admins on your account. Typically we recommend three admins so there's a good chance one of your colleagues is also an Admin. If so, they can log in and add you as a user by following these instructions (Add User Guide).

Key things to consider: Your organization's account has your organization's donor data in it. To protect your donor data, your organization's Administrators are responsible for adding/removing authorized users on your account. If a former employee leaves your organization, there are a number of ways your organization can re-gain access to your Double the Donation account. To protect the security of accounts, Double the Donation doesn't typically add users to any account. Reference this guidance if you need assistance gaining access to your account when an employee leaves your organization.

Password Requirements

Once you have received your password reset link, it's time to create a strong password!

Double the Donation aligns closely to NIST Special Publication 800-63B (Digital Identity Guidelines, Authentication and Lifecycle Management), the industry standard for password security. Following that guidance, we have implemented the following standards:
  1. Minimum password length of 8 characters
  2. No complexity requirements (e.g., special characters, capitalization, numbers)
  3. No forced password changes after a specified period of time
  4. No password reminder questions (e.g., "What is your mother's maiden name?")
  5. Limit of 10 failed login attempts, resulting in a 24 hour lockout
  6. Paste functionality allowed (to encourage the use of password managers)

For more information, reference 5.1.1.1 Memorized Secret Authenticators (https://pages.nist.gov/800-63-3/sp800-63b.html#sec5) and Appendix A—Strength of Memorized Secrets (https://pages.nist.gov/800-63-3/sp800-63b.html#appA)

Some organizations wish to implement additional login security. We recommend adding multi-factor authentication using Google Authenticator, which is supported by all Double the Donation plans. Find setup instructions and more information about 2FA here.