You can change users' passwords from within EFT Administrator. When a new password is created, EFT Server determines whether the password meets complexity and reuse requirements.
For HS-PCI-enabled Sites, you cannot manually create a password; the only option is to click Generate to create a unique, complex password.
If enabled, users can change their passwords in the HTML Listing and Upload Form and the Web Transfer Client.
To change a user's password
In EFT Administrator, connect to EFT Server and click the Server tab.
In the left pane, click the user you want to configure.
In the right pane, click the Main tab.
Click Change Password.
The Change User Account Password dialog
box appears.
Do one of the following:
In the New password and Confirm password boxes, type and confirm the password. (Not available for HS-PCI-enabled Sites.)
Click Generate. A complex password is generated and entered in the New password and Confirm password boxes.
Click the Password type list to specify a type from the following:
Standard - A plain text password is required.
Anonymous - Any password, including nothing, allows an anonymous connection.
Anonymous (Force e-mail) - Any well-formed e-mail address is the password
OTP (One-Time Password; intended to make it more difficult to gain unauthorized access. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced) S/KEY MD4 - Used for logging in to an OTP-enabled server.
OTP S/KEY MD5 - Used for logging in to an OTP-enabled server.
PCI DSS (multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures) requirement 8.5.8 states that you should not use group, shared, or generic accounts and passwords. To address this requirement, EFT Server hides the Anonymous password type for HS-PCI-enabled Sites anywhere that the password type is selectable. |
To e-mail the user's password, type the e-mail address and select the E-mail login credentials check box. (SMTP must be configured on the Server.)
Click OK. The Change User Account Password dialog box closes and the e-mail is sent, if configured.
Click Apply to save the changes on EFT Server.