As Atrex can store and process credit cards, the security functions in Atrex 17 and newer have been strengthened to meet current credit card industry requirements. If you are upgrading from Atrex 14 or older, the security changes listed in this article will affect you.
How Security Works:
The User Security function is required to store credit cards. When initially installed as an upgrade the User Security function is enabled if credit cards exist in the database requiring users to enter a valid user ID and password when entering the program. Once a user is logged into the program, the menu selections are limited depending on the security permissions set for the user.
Users are required to re-login after 30 minutes of idle time (leaving Atrex open without using it for 30 minutes).*
Users are locked out for 30 minutes after five invalid logins.
How Passwords Work:
ALL passwords expire after 90 days.*
Passwords must be at least seven characters in length and include at least one number and one letter.
New passwords cannot be the same as the current password or one of the last four passwords used.
For upgrades where security was being used in the previous version:
Your existing user IDs and passwords will continue to work for 90 days. After that new passwords must meet the above requirements.
For upgrades where security was not being used in the previous version but credit cards exist in the database:
Press the F1 key on the Atrex Login window to get the default login user ID and password.
The default user is a manager and has FULL access rights.
Deleting the default user does not disable security.
If you delete the default user you must create at least one new user or else Atrex automatically recreates the default user the next time you open Atrex. NOTE: If you want to have the ability to disable or enable security the user you create must have the manager option set or have the authority to customize Atrex.
The first time you log into Atrex using the default user you are prompted to change the default password.
You can create unique user IDs for each individual user under the User menu (a PCI compliance requirement).
*What if I want to use security but I don't want to process or store credit cards in Atrex?
We know that change is difficult and frustrating. Please understand that these changes were not made lightly. If you do not want to use the credit card, debit card, and gift card processing or storage functionality but want to use security, you can disable the password expiration and/or idle logout. However, in order to do this the database can NOT contain ANY credit cards.
To disable the password expiration and/or idle logout, open Options - Company Setup / Customization - Company Information and Settings. Select the Defaults tab. Make sure Credit Card Processor is set to None. Select the Options tab and uncheck Password Expiration (90 days) and/or Idle Logout. Click OK.
If after setting Credit Card Processor to None you are unable to uncheck Password Expiration (90 days) and Idle Logout because they are grayed out that means credit cards are present in the database. The only way to uncheck these options is to permanently delete all stored credit cards. The fastest way to do this is to disable security and then re-enable it.
Disabling Security:
User Security can be disabled under Options – Company Setup / Customization – User Security. Before disabling security please be aware that disabling security:
- Disables the ability to enter and store credit cards in fields designed for this purpose;
- Disables all credit card, debit card and gift card processing functionality; and
- Permanently deletes all saved credit cards.
If you want to use any of these functions within Atrex security is not optional.
Only users set as a manager or with the authority to customize Atrex can enable or disable security.