Customers and admin users have some special requirements and procedures regarding account security. Some things to keep in mind regarding accounts and signing in:
Due to PCI DSS standards, eRatex enforces the following:
Administrators must change their passwords at least every 90 days.
After six (6) failed login attempts, user accounts are temporarily locked out. Users will be locked out for 30 minutes.
Shoppers with accounts are required to use complex passwords with special characters, just as is the case with Admin users.
Passwords must be at least 8 characters in length and include at least one upper case character, one lower case character, one number, and one of these characters ~`!@#$%^&*()_+=[]{}|\';\":|/?
The software prevents any user from reusing any of the four (4) previously-used passwords.
Any user who is logged in is forced to log in again after 15 minutes of inactivity.
NOTE: In V10+ versions, setting the DisablePasswordAutocomplete Setting to true no longer disables browser password autocomplete on email & password fields throughout the application, because the common browsers have deprecated that capability. PCI scans may flag this as an 'action item'. You can ignore that recommendation (it is not necessary to pass the PCI scan).
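The complexity, password-history and lockout rules listed above, modeled in Python as an added example (this is not eRatex code). Storing history as salted PBKDF2 hashes, counting consecutive failures, and treating the backslash in the character list as an allowed special character are assumptions.

```python
import hashlib, hmac, os
from datetime import timedelta

# Limits from the policy list above.
MIN_LENGTH, HISTORY_DEPTH, MAX_FAILURES = 8, 4, 6
LOCKOUT = timedelta(minutes=30)
# Every character that appears in the page's list (assumption: "\" counts).
SPECIALS = set(r"""~`!@#$%^&*()_+=[]{}|\';\":|/?""")

def complexity_errors(pw):
    """Return the names of the complexity rules that pw fails."""
    checks = {
        "length": len(pw) >= MIN_LENGTH,
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in SPECIALS for c in pw),
    }
    return [name for name, ok in checks.items() if not ok]

def _digest(pw, salt):
    # Assumption: history is kept as salted PBKDF2 hashes, never plaintext.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def remember(history, pw):
    salt = os.urandom(16)
    history.append((salt, _digest(pw, salt)))
    del history[:-HISTORY_DEPTH]  # keep only the last four entries

def is_reused(history, pw):
    return any(hmac.compare_digest(_digest(pw, s), h) for s, h in history)

class Lockout:
    """Counts consecutive failures; locks for LOCKOUT after MAX_FAILURES."""
    def __init__(self):
        self.failures, self.locked_until = 0, None
    def attempt(self, password_ok, now):
        """Return True only if the account is unlocked and password_ok."""
        if self.locked_until and now < self.locked_until:
            return False            # locked: even a correct password is refused
        if self.locked_until:       # lock has expired, start counting afresh
            self.failures, self.locked_until = 0, None
        if password_ok:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT
        return False
```
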
Forgot Password Reset Procedure
Important: The Forgot Password feature relies on properly-configured email. If your store is not properly configured to send emails, the Forgot Password feature will not appear on login pages.
In the event that you lose your password and have a functional email configuration in your site, you can use the "Forgot Your Password?" feature on the signin pages of your site.
If you are an admin user of the site, you must perform this task on the admin signin page.
If you do not have a functional email configuration in the site, use this method to reset your password, which requires direct database access. Consult your site host if necessary.
If you are getting looped back to the admin sign in page with no error, refer to this article.
Procedure
Access the /signin.aspx page on your site (www.yoursite.com/signin.aspx, or www.yoursite.com/youradmin/ WITHOUT the signin.aspx if you are an admin user).
Enter your account email address in the field labeled *My e-mail address is: and click the Request a New Password button.
Check your email Inbox for the temporary password generated by the site.
Access the /signin.aspx page on your site again (there is a link in the email you received) or your admin URL for admin users, and log in using your account email and the temporary password. NOTE: On occasion the temporary password can contain invalid characters. If it fails to log you in after a couple of attempts, retry the Forgot Your Password? feature to generate a new one. Repeat until you get a valid password.
The site will request that you change your password at this time. Please remember to use the temporary password for the Old Password field, and not your previous password or any auto saved passwords.
You will be all set once you have properly completed the password change sequence.
The password change feature, required after performing a Forgot Your Password? sequence, can be confusing when autocomplete pre-fills the Old Password field. The correct password to enter is the temporary password received in the email.