In compliance with the Payment Card Industry Data Security Standard (PCI DSS), STORIS provides an optional Complex Passwords feature. This feature includes the ability to establish a unique ID and password for each user that conforms to the following PCI requirements.
The user's password
must be changed every 90 days,
must contain a minimum of seven characters,
must contain at least one number,
must contain at least one letter,
cannot be the same as any of the user's last four passwords,
cannot contain the user’s logon ID and/or name, and
is compared to the previous (old) password to ensure that the user is not simply changing a number. (For example, you cannot change the password from KRH01 to KRH02.)
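The rules above expressed as a password-change check, as an added example (not STORIS code). The digit-stripping comparison, the salted PBKDF2 history hashes and the three-character minimum for name parts are assumptions; the page does not describe how STORIS implements these checks.

```python
import hashlib
import hmac
import re

MIN_LENGTH = 7      # page: minimum of seven characters
HISTORY_DEPTH = 4   # page: last four passwords


def hash_password(password, salt):
    # Assumption: history is kept as salted PBKDF2 hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def strip_digits(text):
    # Assumption: "simply changing a number" means equal once digits are removed.
    return re.sub(r"\d", "", text).lower()


def check_new_password(new, old, logon_id, name, history):
    """Return the list of violated rules; an empty list means accepted.

    old is the password being replaced (entered by the user at change time).
    history is a list of (salt, digest) tuples, oldest first.
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("shorter than seven characters")
    if not re.search(r"\d", new):
        problems.append("no number")
    if not re.search(r"[A-Za-z]", new):
        problems.append("no letter")
    # Name parts under three characters (initials) are skipped, or any
    # password containing that letter would be rejected.
    parts = [p for p in [logon_id] + name.split() if len(p) >= 3]
    if any(p.lower() in new.lower() for p in parts):
        problems.append("contains logon ID or name")
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(new, salt), digest):
            problems.append("matches one of the last four passwords")
            break
    if old and strip_digits(new) == strip_digits(old):
        problems.append("only a number changed from the old password")
    return problems


if __name__ == "__main__":
    # Constructed sample: the page's own KRH01 -> KRH02 case.
    print(check_new_password("KRH02", "KRH01", "KRH", "Kay Hill", []))
```

The 90-day expiration is a separate check made at logon against the date of the last change, so it is not part of this function.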
A user's STORIS password is encrypted when it is transmitted across the local network from the workstation to the server.
After six unsuccessful attempts at logging in, the user is locked out for 30 minutes or until manually reset. For more detail on locking out users, see the User Locked Out field in Create a User.
When entering the user's password to exit to ECL, the password is encrypted. (Access to ECL is controlled via the Access ECL command line mode setting in Create a User/Group Actions - System Security.)
General System Control Settings, Security tab
The Use Complex Passwords field must be checked to enable the complex passwords feature.
The Password Expiration Days field must be set to no more than 90 days.
The STORIS ID Required at Logon and Use Extended Security fields must also be active (checked).
Create a User, Security tab
When you create a new user, the Password field is automatically set to RESET and cannot be changed.
When the new user logs in for the first time, they are prompted to enter a password via the Change User Passwords window.
Once a password has been established, the Password field in the user settings is encrypted and displays a series of 8 asterisks (********), regardless of the number of characters entered in the password.
To reset a user's password, you click the Reset button to the right of the Password field. (You can click it again to cancel this action.)
When you choose to reset a password, the user's current password is cleared and the word RESET is displayed in place of the 8 asterisks, indicating that the password is to be changed.
The next time the user logs in, they are prompted to enter a new password via the Change User Passwords window.
You cannot reset the password of a user who is currently logged on to any account on the system.