Screen: ShopSite > Utilities > User Accounts > Configure
Modify the settings that control user accounts. Note that changing required password lengths (longer or shorter) will prompt users to change their passwords the next time they log in to ShopSite.
Sign In |
|
Minimum password length |
The minimum allowable length for a password. Use the drop down list to select a length between six and thirty two (6-32). Note: PCI compliance dictates that passwords must be at least seven characters in length. |
Allowed sign in attempts |
The number of chances a user gets before the account is locked. Use the drop down list to select a number of allowed attempts between one and ten (1-10). Locked accounts can be reset through the Edit User page. Note: PCI compliance dictates that the maximum number of login attempts allowed before lockout is six. |
Minutes to wait after sign in attempts reached |
The minimum amount of time that a merchant will have to wait between sign-in attempts after the maximum attempts have been reached. Use the drop down list to select a length between one and sixty (1-60). Note: PCI compliance dictates that merchants must wait at least 30 minutes after sign-in attempts have been reached. |
Inactive time before being logged out |
This field determines how long a user can leave ShopSite unattended before they are automatically logged out. Note: PCI compliance dictates that the maximum allowable inactive time before being logged out is 15 minutes. |
Number of days before requiring that the password be changed |
The maximum number of days that a password can be used before it needs to be changed. Use the drop down list of 30 day increments to select a length of time (30, 60, 90, 120, 180, or never). If this setting is changed to "never" after the account is created, the user will still be prompted one last time to change their password when the originally set length of time has elapsed. Once a new password is set, they will no longer be prompted to change their password. Note: PCI compliance dictates that passwords must be changed at least every 90 days. |
Allow Web Browser to Remember User ID and Password |
Some browsers offer to rememeber the credentials for web pages. This checkbox controls whether or not the user's ID and password can be remembered by the user's browser. For security reasons, we recommend that this feature stay disabled, as anybody with access to the computer can log in with the user's credentials. |
Two-factor Authentication |
|
Enable Two-factor Authentication |
Turn on or off two-factor authentication (2FA). In the next section you can make 2FA mandatory. For more information on 2FA see What is Two-factor Authentication.
|
Require Two-factor Authentication |
You can select which users, if any, are required to use 2FA.
|
Allow E-mail Code Option (less secure) |
If checked, on the Authentication challenge screen, there will be a link to optionally get the code in an email. If a user selects this an email is sent with the code to pass the authentication.
|
Remember Trusted Devices |
If checked, when a user authenticates they will see a checkbox to trust their browser for the number of days indicated. If the user selects the checkbox then future sign-ins will not require an authenticator code during that time period.
|
Challenge Phrase |
|
Allowed Challenge Phrase attempts |
Similar to the "Allowed sign in attempts" option above, this field controls the number of chances a user gets to correctly answer a challenge question when they forget their password before the account is locked. Use the drop down list to select a number of allowed attempts between one and ten (1-10). Locked accounts can be reset through the Edit User page. |
Challenge Phrase Questions |
You can use the default challenge phrase questions, which include: "What's your pet's name?", "What was your school mascot?", "What is the name of your favorite teacher?", and "[Your question goes here]", where merchants are encouraged to come up with their own challenge question. Though the fourth question provides merchants with the opportunity of providing their own challenge question, any of the questions can be changed as the merchant sees fit. These questions are used when a user forgets their password. The challenge phrase questions are tied to a user account when the user account logs in to ShopSite for the first time; that is when the user will answer the challenge questions. If a challenge phrase question is changed after user accounts have been created, the change will not affect the previously created user accounts. The questions for those users' accounts will not be changed. |
ShopSite Help and Resource Center Last updated: Jan. 26, 2011 Give Feedback |
ShopSite Shopping Cart Software |