High Security Passwords: Managing Lockouts and Expiring Passwords

This topic explains what to do when a user set up with High Security Passwords has a lockout or an expiring (or already expired) password. For more information about setting up a user with High Security Passwords, click here.

User Lock-Outs

Why a User Gets Locked Out

If a user set up with High Security Passwords attempts to log in more than 6 times within a 5-minute window without entering the correct user name and/or password, the user will get locked out of the terminal.

The rule for lockouts is 6 failed attempts within a 5 minute window.

The following scenario would result in a lockout for BOB:

Time	User ID	Password Good?
11:00 AM	BOB	No
11:00 AM	BOB	No
11:02 AM	LISA	Yes
11:03 AM	BOB	No
11:04 AM	BOB	No
11:04 AM	BOB	No
11:07 AM	BOB	No

The following scenario would not result in a lockout for BOB because the time between failures number 5 & 6 is greater than 5 minutes:

Time	User ID	Password Good?
11:00 AM	BOB	No
11:00 AM	BOB	No
11:00 AM	LISA	Yes
11:01 AM	BOB	No
11:01 AM	BOB	No
11:01 AM	BOB	No
11:08 AM	BOB	No

Note that there is a buffer of +/- one minute for the time between failures because the times are only compared to the minute, not to the second.

Lockouts can occur when using SIGNON from the Eagle Browser, but not from POS signon nor from Clock In (Timeclock users).

Clearing a Lockout

"Password is Going to Expire" Message

High Security Passwords expire in 90 days. If a user with High Security Passwords enabled is within the 7-day password expiration threshold, and the user attempts to SIGNON from the Eagle Browser, he/she will get a warning that their "password is going to expire."

Any time you'd like, you can view a user's password expiration date from the Add/Change/Delete User function in Options Configuration or Security Maintenance.

Display the Options Configuration window.
Click Misc and select 4-Add/Delete/Change User. Then select 3-Change a User.
Select the appropriate store, and click OK. Then select the appropriate user and click OK.

The last field on the screen displays the expiration date.

Changing Your Password

Alternatively, your Security Administrator can change a password using the Add/Change/Delete User function in Options Configuration or Security Maintenance.

Display the Options Configuration window. Alternatively, you can use the Misc menu in Security Maintenance to activate High Security Passwords.
Click Misc and select 4-Add/Delete/Change User. Then select 3-Change a User.
Select the appropriate store, and click OK. Then select the appropriate user and click OK.
In the Change a User dialog that displays, in the Password field, enter a password that meets the following criteria:

it is not blank
it is at least 7 characters in length
it contains at least 1 alphabetic and 1 numeric character
it is NOT the same as the last four passwords set up for this user.

Click OK.

Your new password cannot be blank, must be at least 7 characters in length, must contain at least 1 alphabetic and 1 numeric character, and cannot be the same as the last 4 passwords used.

"Password Has Expired" Message

The Security Administrator should do the following to change an expired password.

Your new password cannot be blank, must be at least 7 characters in length, must contain at least 1 alphabetic and 1 numeric character, and cannot be the same as the last 4 passwords used.