Setting strong Windows and SpeedLine passwords, and changing them regularly, is a Payment Card Industry Data Security Standard (PCI DSS) compliance requirement. See the PA-DSS Implementation Guide in the Document Viewer for more information on the requirements of PCI DSS.
Complex passwords that are changed regularly protect your cardholder and SpeedLine data from unauthorized access, but if poorly managed, they can also lead to inconvenient system lockouts. If you are unable to log in to Windows, you will be prevented from using SpeedLine to take orders.
The three most common causes of lockouts and their resolutions are described below.
Lockout Cause 1: Not Changing Your Windows Passwords Before They Expire
If you ignore password expiration warnings and manager alerts, you will be locked out of Terminal five (5) days before your Windows account passwords are due to expire. This lockout "buffer" prevents you from using Terminal until you change the Windows passwords.
|
Important When you get a password expiration reminder, do not use Windows to change the password—this will only affect the station you are working on, and won’t change passwords on Store Manager, services, or scheduled tasks. Use Password Maintenance to change passwords instead. |
|
Hint SpeedLine recommends changing your Windows passwords once a month on the same date. This helps prevent missed password changes. |
Resolution: Change your Windows passwords, or call SpeedLine Support for assistance.
•Use the Password Maintenance utility to change Windows passwords. If you are not able to change the passwords, contact Support for assistance. See contact information.
Prevention: Change your passwords when you see an expiration warning.
•Use Password Maintenance to change your passwords. Using Password Maintenance, you can:
oChange all your Windows and Store Manager passwords in one simple step.
oChange passwords on every computer on your network at the same time.
oChange passwords on services and scheduled tasks, so utilities like Hot Backup keep running without interruption.
oSchedule future password changes.
|
Important When finished changing your passwords, call SpeedLine Support to give us your new passwords. SpeedLine Support technicians will need these passwords to assist you if you have a technical issue. |
Lockout Cause 2: Incorrect Username or Password Entered Too Many Times
For extra security, after several unsuccessful login attempts (three for Windows accounts by default, or six for Store Manager) your account will lock. You will be unable to log in (even with the correct password) for the next 30 minutes.
Resolution: Unlock the account.
•30 minutes after the last login attempt, the account will be automatically unlocked. After the waiting period, ensure the keyboard CAPS LOCK is off, and then enter the correct username and password.
|
Note You must not attempt log in during the 30-minute waiting period (even with the correct password). The 30-minute waiting period resets after each attempt. |
•For Store Manager only, a manager with sufficient security privileges can unlock other employees' accounts. See Unlock an Employee's Store Manager Account for instructions. If no other manager is available, contact SpeedLine Support for assistance (see contact information).
Prevention: Set a strong password you can remember.
While meeting requirements, the passwords you choose should be relatively easy for your staff to memorize, since writing them down in order to learn them defeats the purpose of using strong passwords.
To meet PCI DSS requirements, Windows account passwords must contain a mixture of upper-case and lower-case letters and numbers, and must be a minimum of 7 characters in length. Adding punctuation marks and symbols increases the password strength.
Here's one technique for creating memorable passwords that meet strong password requirements:
1.Base your password on a phrase with special meaning to you. Some examples are:
•A song lyric.
•A line of poetry.
•A favorite quote.
•The title of an obscure book or work of art.
2.Use the first letter of every word, or remove the vowels from the words, to construct your password.
3.Capitalize some letters, perhaps the ones you'd emphasize if saying the phrase out loud.
4.Substitute numbers or symbols for some of the letters. For example:
•"$" instead of "S"
•"1" instead of "i"
•"3" instead of "E"
•"+" instead of "t"
Lockout Cause 3: Account Inactivity
If an employee does not log in to Store Manager for 90 days or more, the employee's account is locked out.
Resolution: Manually unlock the account.
•A manager with sufficient security privileges can unlock other employees' accounts. See Unlock an Employee's Store Manager Account for instructions.
•If no other manager is available, contact SpeedLine Support for assistance (see contact information).
Prevention:
•To avoid future lockouts, log in to Store Manager at least once every 90 days.
•If an employee has been away for more than 90 days on leave, you will need to unlock the account before they can log into Store Manager.
|
Hint To avoid login problems, you can send a message to yourself or to another manager to remind them to unlock the employee's account before the employee is due to return from a long leave. See Send Employee Events for instructions on how to send a message that appears in Terminal when the manager logs in. |
See Also:
•Change Passwords Using the Password Maintenance Utility
•Unlock an Employee's Store Manager Account
•PA-DSS Implementation Guide PDF- available in the Store Manager Document Viewer.
•Assign Strong Employee Passwords
•View or Change Security Privileges
