June 2024 - Password Policy Changes for Admin Users

June 2024 - Password Policy Changes for Admin Users

Password Changes for Dealer Admin

 

Attached is a copy of this Article, including screenshots for a visual reference.


Introduction:

This document explains the new workflow of the Dealer Admin login page

Current Workflow:

  1. The minimum required length for a password is 6 characters.
  2. There are no regulations to limit user access if they exceed any number of login attempts.
  3. There is no requirement for users to change their password every 60 days.


New Requirements:

  1. The minimum required length for a password is increasing to 8 characters.
  2. If a user exceeds 5 login attempts, the password must be reset.
  3. Every 60 days, a password will expire and must be reset.

 

New Workflow:

The minimum required length for a password should be 8 characters:

  1. A New Password must satisfy the below conditions (which will appear on the Set Password screen):
    1. Include 8 to 12 characters
    2. An uppercase character
    3. An lowercase character
    4. A number
    5. A Special character
  2. After meeting the conditions, the user must input a Confirm Password that matches the New Password.
  3. Upon successful password verification, the AUTHENTICATE option will become accessible.
  4. By selecting the AUTHENTICATE option, “Your Password has been Set Successfully” pop-up should be displayed.


If a user exceeds 5 login attempts, the password must be reset:

  1. The banner message ‘Your login attempts have exceeded the limit…’ appears at the top-right.
  2. User can reset their password by clicking Forgot password. The Forgot Password screen appears, prompting the user to input their Email Address.
  3. A valid and correct Email Address must be entered to select Send Email and continue.
  4. When Send Email is selected, an email will be sent to the entered Email Address.
  5. Users can reset their password by clicking on the link provided in the email.
    1. The following requirements must be met to establish a new password:
      1. Include between a minimum of 8 and maximum of 12 characters
      2. An uppercase character
      3. lowercase character
      4. A number
      5. A Special character
    2. If attempting to reset the password to a previous one, a notification stating ‘The new password should not match any of the previous passwords’ appears.
  6. After meeting New Password conditions, enter a Confirm Password that must exactly match.
  7. Upon successful Password verification, the CHANGE PASSWORD option becomes available.
  8. By selecting the CHANGE PASSWORD option, the password will undergo authentication and be reset with a ‘Your Password has been Reset Successfully’ appearing.


Every 60 Days, users must reset their Password - as it will Expire:

Users are required to reset their password every 60 days.

  1. The following requirements must be met to establish a new password:
    1. Include between a minimum of 8 and maximum of 12 characters
    2. An uppercase character
    3. lowercase character
    4. A number
    5. A Special character
  2. After meeting the conditions, the user must input a confirmation password that must match exactly.
  3. Upon successful password verification, the AUTHENTICATE option will become accessible.
  4. By selecting the AUTHENTICATE option, the password will undergo authentication and be reset and ‘Your Password has been Reset Successfully’ pop-up appears.
    1. When attempting to reset the password to the same one, a notification stating “The new password should not match any of the previous passwords” should appear.

 

New Changes

  1. When logging in as an Admin, a pop-up with the message ‘Your password will get expired in 10 days…’ appears, with Reset Now and Reset Later options.
  2. This pop-up will appear starting 10 days prior to the password expiring.
    1. If Reset Now is selected
      1. The Password Reset screen appears.
      2. Once the password has been authenticated and reset, the message ‘Password Reset Successfully’ appears as confirmation.
      3. The Admin Login screen appears. Enter the corresponding credentials and new Password to log in.
    2. If Reset Later is selected, then the user is directed to the Admin Login screen to log in normally.
  3. When a user enters an existing Back Office (BO) password in new BO, it will allow them to log in. When a user resets in Revamp, then it will satisfy the new BO criteria.


60-Day Expiration Policy

  1. When a user creates any new password in new BO, it will expire in 60 days. Then for that user, when they reset the password in new BO only it will be considered under the 60-day password change policy.
  1. The password validation will apply in new BO when it is rolled out to the public (for existing users).
  1. For an existing user: from the day this feature is rolled out, it will be considered Day 1 for password change criteria. If existing user uses the existing back office more than 60 days then it will allow the user to use existing BO.
  1. When a user moves to the new BO after 60 days, it is mandatory to reset the password in BO Revamp.
  1. When 60 days are exceeded and the user enters their old password, it is mandatory to reset the password, with a Password Expired!!! pop-up appearing.
    1. If Reset Now is selected, the Password Reset screen appears. Once the password is authenticated and reset, e the alert message at the top should be displayed as ‘Password Reset Successfully’. The Admin Login screen appears, where the user enters the credential and new password.
    2. If Cancel is selected, the Admin Login screen appear. If the the old credentials again to log in, the same pop-up appears.

  1. Note: When resetting a password, the user cannot proceed with any used during the past 120 days. If attempting to do so, the following Error message appears: The new password should not match any of the previous passwords’

    • Related Articles

    • June 2024 Updates - Impacts to Dealer Admin Users

      Login Page - Password policy changes Attachment: PasswordChanges_DealerAdmin_V2_06262024 Users Page - Updated options for the Access field Attachment: DealerAdminAccess_DealerAdminUsers_06112024

    • June 2024 - Access Update for Admin Users

      Access Update for Admin Users Introduction: This document explains the new workflow regarding Access on the Users page for Admin users. Requirement: Adding the following options to the Access dropdown: Announcements Users Info Partner Portal Shop ...

    • June 2024 Releases

      POS-V6 [Android, iOS] Nationality Dropdown on Customer Profile: Users will have the ability to select the nationality from a drop-down option on the Customer Profile screen. Attachment: NationalityDropdown_CustomerProfileScreen_05282024 Barcode on ...

    • Two-Factor Login Authentication

      What’s Changing: Two-Factor Authentication (2FA) is being implemented to log in to the Admin page. Admin Login Page When a Username and Password is entered on the Admin page, the app will require Two-Factor Authentication to login The app sends the ...

    • September 17, 2024 - Features Released

      New keys for Till Creation and Retrieval Endpoints (POS Dependency) - Back Office Uniformity of the Total row in reports - Back Office Supporting Document: TotalRowUniformity_Reports Pagination Improvisation: Pagination will display the exact ...