MerusCase Support usually gets a few calls a week from users who have lost their MerusCase password and are unable to log in. Reasons for this can vary: they might have accidentally cleared their password auto-fill settings from their browser, the password might be auto-filled on a different computer than the one they're currently trying to use, or they might simply have forgotten their password. Whatever the cause, it's generally pretty simple for us (or any administrator at their firm) to go to their user account information, send them a password reset, and talk them through entering that temporary reset password along with a new, permanent password.

What's usually a "generally pretty simple" matter becomes difficult when the user not only doesn't have access to their MerusCase account, but also doesn't have access to the email address associated with that account: if a user can't get in to their email inbox, or they don't even have an email inbox, then they can't see that temporary password and thus can't use it to get logged back in to MerusCase.

This week, we received a call from a user who forgot the password to both their MerusCase account and their email account over the weekend, so getting them securely logged in to Merus without email access required some creative thinking. Our preferred option was to get in touch with this user's IT administrator, get them logged in to their own, secure email account, and then proceed with the normal password reset procedure from there. Unfortunately, many small-to-medium sized firms don't have full-time IT support on location, and this particular firm's IT support was unavailable for several days.

At Fuery Solutions, we take our users' privacy and security very seriously, in order to comply with HIPAA and to protect our firms' attorney-client privilege. To that end, user passwords and other login information is (intentionally) very difficult for even MerusCase Support to bypass: even if they gave us permission and we gained access to the appropriate tables in the database, passwords are encrypted and can't even be read by our software engineers. 

To get this user logged in, we therefore had to resort to setting a prearranged password on one of our testing user accounts. With this user's permission, one of our software engineers securely logged in to the MerusCase database and copied that encrypted password over to the user's account. After they used the prearranged password to log in, we walked them through going to their user preferences and changing their password to something of their own choosing.

This whole process sounds very complicated, but it only took about an hour from start to finish. However, that's an hour of in-office support and engineering time, which pushed the user's logging in over the weekend to mid-morning on the next business day. In this day and age of always-online connectedness, support requests like this one highlight the importance of things like regular email access for doing business in the 21st century.