Even before the recent security incident (hack), all RE users should have been using two-factor authentication and stronger passwords. I'd almost bet my life that the cyber-criminals first got their nasty feet in the door because of a Raiser's Edge NXT user's weak security posture. Enabling supervisor users to require all Raiser's Edge NXT users to use two-factor authentication, or Blackbaud flipping this switch themselves, should happen right away.