9.5.1.0

Password Information

General Password Information

Customers and admin users have some special requirements and procedures regarding account security. Some things to keep in mind regarding accounts and signing in:

 

  • Administrators must periodically change their password. This cannot be disabled entirely, but the frequency of this required change can be adjusted with the AdminPwdChangeDays Setting.
  • After a certain number of failed login attempts (3 by default, controlled by the MaxBadLogins Setting), user accounts are temporarily locked out. The length of time of the lockout (30 minutes by default) can be adjusted with the BadLoginLockTimeOut Setting.
  • By default, customers are not required to use complex passwords with special characters like admin users are. That can be changed by setting the UseStrongPwd Setting to Yes.
  • By default, admin passwords must be at least 8 characters long and include at least one upper case character, one lower case character, one number, and one of these characters: ~`!@#$%^&*()_+=[]{}|\';\":|/?
  • The required password format for admin users (and customers if using the special rule described above) can be changed by altering the CustomerPwdValidator Setting.
  • Old admin passwords are stored to prevent admins from reusing the same password when a change is required. The NumPreviouslyUsedPwds Setting determines how many previous passwords are saved.
  • By default, users are forced to log in again after 15 minutes of sitting idle on the site. This is a PA-DSS requirement, which can be overridden by changing the SessionTimeoutInMinutes Setting (for customers) or the AdminSessionTimeoutInMinutes Setting (for admin users).
  • Browser password autocomplete can be disabled on email & password fields throughout the application by setting the DisablePasswordAutocomplete Setting to true.
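
The default admin rule listed above can be checked outside the application, for example when pre-screening passwords in a provisioning script. The following Python sketch is an added example, not code from the product: the names `unmet_requirements`, `matches_rule`, `SPECIALS` and `ADMIN_RULE_RE` are hypothetical, the special-character set is transcribed from the list above on the assumption that `\'` and `\"` are escaped quotes, and the regular expression is only an equivalent statement of the rule, not the product's CustomerPwdValidator value.

```python
import re

# Special characters transcribed from the list in the text above.
# Assumption: "\'" and "\"" in that list are escaped quote characters, so the
# backslash itself is NOT counted as a special character here.
SPECIALS = "~`!@#$%^&*()_+=[]{}|';\":/?"
MIN_LENGTH = 8

# (label, predicate) pairs, one per requirement of the default admin rule.
REQUIREMENTS = [
    ("at least 8 characters", lambda p: len(p) >= MIN_LENGTH),
    ("one upper case character", lambda p: any("A" <= c <= "Z" for c in p)),
    ("one lower case character", lambda p: any("a" <= c <= "z" for c in p)),
    ("one number", lambda p: any("0" <= c <= "9" for c in p)),
    ("one special character", lambda p: any(c in SPECIALS for c in p)),
]


def unmet_requirements(password):
    """Return the label of every requirement the password fails."""
    return [label for label, ok in REQUIREMENTS if not ok(password)]


# The same rule written as one regular expression built from lookaheads.
ADMIN_RULE_RE = re.compile(
    r"(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[" + re.escape(SPECIALS) + r"]).{8,}",
    re.DOTALL,
)


def matches_rule(password):
    """True when the whole password satisfies the lookahead form of the rule."""
    return ADMIN_RULE_RE.fullmatch(password) is not None


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ["Str0ng!Pass", "password", "Ab1!", "Passw0rd\\"]:
        print(repr(sample), unmet_requirements(sample) or "OK")
```

Reporting each unmet requirement separately, rather than a single pass/fail, makes it easier to tell users which part of the rule a rejected password missed.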

 

Forgot Password Reset Procedure

If you lose your password and your site has a functional email configuration, you can use the "Forgot Your Password?" feature on the sign-in pages of your site.
  • If you are an admin user of the site, you must perform this task on the admin signin page.
  • If you do not have a functional email configuration in the site, use this method to reset your password, which requires direct database access. Consult your site host if necessary.
  • If you are getting looped back to the admin sign in page with no error, refer to this article.

Procedure

  1. Access the /signin.aspx page on your site (www.yoursite.com/signin.aspx or www.yoursite.com/youradmin/signin.aspx if you are an admin user).
  2. Enter your account email address in the field labeled "*My e-mail address is:" and click the Request a New Password button.
  3. Check your email Inbox for the temporary password generated by the site.
  4. Access the /signin.aspx page on your site again (there is a link in the email you received), and log in using your account email and the temporary password.
  5. The site will request that you change your password at this time. Please remember to use the temporary password for the Old Password field, and not your previous password or any auto-saved passwords.
You will be all set once you have properly completed the password change sequence.

The password change step that is required after a "Forgot Your Password?" sequence can be confusing when autocomplete pre-fills the Old Password field. The correct password to enter is the temporary password received in the email. To lessen the confusion, you may wish to set the DisablePasswordAutocomplete Setting to Yes.

