| Home | Software Sales | Crystal KB | Contact Us | 
|
| RDP Support |
|
|||
| RDPWin KB | IRM.Net | RDPWin3 & PCI Compliance | Search | |
User Login Changes in RDPWin Version 3
On July 1, 2010, new PCI compliance standards go into effect. RDP has developed RDPWin Version 3 in response to these standards and the program has been certified compliant. In order to pass the strict PCI standards, RDP has had to make many changes to the User login experience. The following article explains the changes you will experience when converting to RDPWin Version 3.
Passwords
Passwords must now meet certain standards to be compliant. Passwords:
- Must be 7 to 15 characters in length.
- Must contain at least one upper case letter, one lower case letter, and one number.
- Can contain special characters.
- Will expire after 90 days. After expiration, users will be prompted to enter a new password.
- Cannot be the same as your previous five passwords.
- Will only be known by the user. System administrators cannot see a user’s password; however, they can change it so that the user can login if he/she forgets the password.
User Accounts
Each user must have unique initials (2 characters). Initials are stamped on
transactions to track the user who created or posted the transaction. If two
staff members have the same initials in real life, then some accommodation must
be made to change one user’s initials for use in RDPWin Version 3.
A user
account will be locked out after 5 incorrect login attempts. This lockout will
last for 30 minutes. A system administrator can unlock the account and, if
needed, reset the password.
After a system administrator resets the
password, the user will be prompted for a new one upon logging in.
Administrator
RDPWin Version 3 has an ADMIN user. In addition to being able to make certain users Administrators, there is an ADMIN user. This user should not be used on a regular basis as a login, but rather is comparable to a Domain Administrator for your network. One or more persons (but not many) should know the ADMIN password. This login can be used when all else fails to access the RDP system (i.e. all the administrators forgot their own passwords). Like any other user, the ADMIN user will need to change its password every 90 days.
Single Session
With RDPWin Version 3, a user may only be logged-in to one workstation at a
time. Should you need to log-in to a second computer, you will need to log-off
of the first (or wait the 20 minutes for the system to do that automatically).
It is best practices to log-off of any RDP session if you plan to be away for
more than a few moments.
Because only a single session per user is
possible, there will no longer be generic logins like FRONT for the front desk
staff. Each user needs his/her own login, initials, and password.
Inactivity
RDPWin Version 3 automatically log-offs users after 20 minutes of inactivity only if the user account is a Credit Card Administrator or Administrator User Type. A warning appears after 10 minutes of inactivity and the timer can be reset by simply clicking on the warning message. Users without administrator privileges will not encounter the auto-logoff feature.
Converting to RDPWin Version 3
Converting to RDPWin Version 3 is not a lengthy process. If your credit cards are not already encrypted, then they will be encrypted the first time RDPWin Version 3 starts. Steps for conversion are:
- Install RDPWin Version 3 Server install file on RDP Data Server.
- Install RDPWin Version 3 client software on each workstation. This step lays down certain files that should be needed only once. After RDPWin Version 3 is installed, this software will query the server each time it loads and automatically download new versions as needed. You will no longer need to install the client software with each and every RDPWin update.
- The Users file will be converted and encrypted. During this process, all password information will be removed. When each user logs in for the first time, he/she will be prompted for a new password.
- Special Note
- The RDP user is just like any other user. The RDP user password expires after 90 days and must meet password standards for sophistication. It is quite possible that since we have over 10 RDP support staff, we will not know our current password for your system. A system administrator may need to unlock the user for us.
Important Version 3 Documents
| Support Home | RDPWin3 & PCI Compliance | Enhancement Requests | Open A Web Support Ticket |
|---|---|---|---|
| Training | 3rd Party Interfaces | RDP Sales Website | Contact Us |
 |