User Names and Passwords

User names (or IDs) identify users in the software and on documents. Most companies choose to use either names or initials when feasible. Companies with a large number of users may need to assign codes if names or initials would produce too many duplicates. User IDs may be up to 6 characters in length.

Passwords are used for security purposes, are encrypted in the database, and can be up to 24 characters in length. They are neither printed nor displayed in the application.

Sharing User IDs vs. Individual Assignment

We advise against using shared user accounts. Even in a small company with just a few users, it makes things much easier if you can identify who was linked with any given transaction or document. This isn't just for stopping malicious activity such as theft. It is often more efficient to be able to quickly identify who created a particular order or made a particular sale when a customer calls or there's a question.

Passwords

Passwords are used for security purposes only and should not be shared. The best passwords include a mix of letters, numbers, and symbols and don't include any personal information someone else might know or be able to guess (such as birth dates, names, phone numbers, or pets' names).

Your system administrator can set a maximum number of password attempts, a minimum password length, and an expiration period. Password expiration forces users to choose another password after a set number of days has passed. A setting of zero disables password expiration.

If an expiration is being used, the application will automatically prompt the user to set a new password once the set number of days has passed since their last password change. The following prompt appears:

Upon clicking OK or closing the message box, another form opens requiring the user to reset their password. They must re-enter their existing password and then enter a new password. The new password must be typed in twice to help ensure that it is being set properly. Users will not be allowed to continue to access the application unless they successfully change their password.

[Screenshot: Security_Change_Password]

In addition, the administrator can require that passwords contain both alpha and numeric characters (Require Alpha & Num check box) and, as a separate requirement, at least one special character (symbol) (Require Special Chars check box). This can affect the required minimum password length.

Password security settings are located in Maintenance > Database > Parameters > Setup > User ID. For obvious reasons, this path is restricted to users with administrative permissions.
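The settings described in this section can be modeled as follows. This is an added example, not code from the application: the class, field and function names are hypothetical, and the set of characters counted as "special", the way the check boxes raise the minimum length, and the exact expiration boundary are assumptions.

```python
import string
from dataclasses import dataclass
from datetime import date

MAX_PASSWORD_LENGTH = 24  # upper limit stated on this page


@dataclass
class PasswordPolicy:
    # Hypothetical field names mirroring the administrator settings above.
    min_length: int = 0
    require_alpha_num: bool = False  # "Require Alpha & Num" check box
    require_special: bool = False    # "Require Special Chars" check box
    expiration_days: int = 0         # 0 disables expiration

    def effective_min_length(self) -> int:
        # Assumption: every required character class needs one character,
        # so the check boxes put a floor under the configured minimum.
        floor = (2 if self.require_alpha_num else 0) + (1 if self.require_special else 0)
        return max(self.min_length, floor)


def check_password(policy: PasswordPolicy, password: str) -> list[str]:
    """Return the rules the candidate password fails (empty list = accepted)."""
    failures = []
    if len(password) > MAX_PASSWORD_LENGTH:
        failures.append("too long")
    if len(password) < policy.effective_min_length():
        failures.append("too short")
    if policy.require_alpha_num:
        if not any(c.isalpha() for c in password):
            failures.append("needs a letter")
        if not any(c.isdigit() for c in password):
            failures.append("needs a digit")
    if policy.require_special and not any(c in string.punctuation for c in password):
        failures.append("needs a symbol")
    return failures


def is_expired(policy: PasswordPolicy, last_changed: date, today: date) -> bool:
    """True once expiration_days have passed since the last password change."""
    if policy.expiration_days == 0:
        return False
    # Assumption: the password expires on the day the period is reached.
    return (today - last_changed).days >= policy.expiration_days
```
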

Windows Authentication and LDAP

LDAP stands for Lightweight Directory Access Protocol and works somewhat like a server-based address book. The intention of the LDAP option is to use each client’s Windows login and password to sign into the application. The benefits to enabling LDAP are:

(1) the user won’t have to type in their user name and password when starting the application, and

(2) the user won’t have to remember two (2) different sets of user names and passwords (one set for Windows, one for the application).

For these features to work, the following must be done:

  • Active Directory must be enabled on the server.

  • All Windows user names must be limited to 6 characters (because application user names are limited to 6 characters).

  • Each Windows user name and password must match a valid application user name and password.

  • Any future changes to passwords and user names must be maintained in 2 places (LDAP and the application).

  • Password expiration should not be used with the software, as it would force the user to change their password. Once changed, the application's user information would no longer match the Windows user information.

  • The LDAP Directory on the server must be designated on the Parameters, User ID tab in the software, and the Windows Authentication check box must be checked.

Some application features such as inactivity time-outs and shared POS settings will still return the user to the Sign-on form (and the user would still need to manually log in if this happens).

The 6-character limitation for user names in the application is often a reason why companies choose not to enable Windows Authentication. It can be a lot of work for an existing network to modify all Windows user names to match this size constraint. We currently have no plans to increase the user name size because it is so widely used throughout the existing application's data: almost every table (over 300 tables) contains the user name, not to mention the areas in the application code that would need modification.