The minimum allowable length for a password. Use the drop down list to select a length between six and thirty two (6-32). Note: PCI compliance dictates that passwords must be at least seven characters in length.

The minimum amount of time that a merchant will have to wait between sign-in attempts after the maximum attempts have been reached. Use the drop down list to select a length between one and sixty (1-60). Note: PCI compliance dictates that merchants must wait at least 30 minutes after sign-in attempts have been reached.

This field determines how long a user can leave ShopSite unattended before they are automatically logged out. Note: PCI compliance dictates that the maximum allowable inactive time before being logged out is 15 minutes.

The maximum number of days that a password can be used before it needs to be changed. Use the drop down list of 30 day increments to select a length of time (30, 60, 90, 120, 180, or never).

If this setting is changed to "never" after the account is created, the user will still be prompted one last time to change their password when the originally set length of time has elapsed. Once a new password is set, they will no longer be prompted to change their password.

Note: PCI compliance dictates that passwords must be changed at least every 90 days.

Some browsers offer to rememeber the credentials for web pages. This checkbox controls whether or not the user's ID and password can be remembered by the user's browser. For security reasons, we recommend that this feature stay disabled, as anybody with access to the computer can log in with the user's credentials.

Similar to the "Allowed sign in attempts" option above, this field controls the number of chances a user gets to correctly answer a challenge question when they forget their password before the account is locked. Use the drop down list to select a number of allowed attempts between one and ten (1-10). Locked accounts can be reset through the Edit User page.

You can use the default challenge phrase questions, which include: "What's your pet's name?", "What was your school mascot?", "What is the name of your favorite teacher?", and "[Your question goes here]", where merchants are encouraged to come up with their own challenge question. Though the fourth question provides merchants with the opportunity of providing their own challenge question, any of the questions can be changed as the merchant sees fit. These questions are used when a user forgets their password.

The challenge phrase questions are tied to a user account when the user account logs in to ShopSite for the first time; that is when the user will answer the challenge questions. If a challenge phrase question is changed after user accounts have been created, the change will not affect the previously created user accounts. The questions for those users' accounts will not be changed.