You can change users' passwords from within the Administrator interface. When a new password is created, EFT Server determines whether the password meets complexity and reuse requirements.
For HS-PCI-enabled Sites, you cannot manually create a password; the only option is to click Generate to create a unique, complex password.
If enabled, users can change their passwords in the HTML Listing and Upload Form and the Web Transfer Client.
To change a user's password
In EFT Administrator, connect to EFT Server and click the Server tab.
In the left pane, click the user you want to configure.
In the right pane, click the General tab.
Click Change Password.
The Change User Account Password dialog
box appears.
Do one of the following:
In the New password and Confirm password boxes, type and confirm the password. (Not available for HS-PCI-enabled Sites.)
Click Generate. A complex password is generated and entered in the New password and Confirm password boxes.
Click the Password type list to specify a type from the following:
Standard - A plain text password is required.
Anonymous - Any password, including nothing, allows an anonymous connection.
Anonymous (Force e-mail) - Any well-formed e-mail address is the password
OTP S/KEY MD4 - Used for logging in to an OTP-enabled server.
OTP S/KEY MD5 - Used for logging in to an OTP-enabled server.
|
|
PCI DSS requirement 8.5.8 states that you should not use group, shared, or generic accounts and passwords. To address this requirement, EFT Server hides the Anonymous password type for HS-PCI-enabled Sites anywhere that the password type is selectable. |
To e-mail the user's password, type the e-mail address and select the E-mail login credentials check box. (SMTP must be configured on EFT Server to e-mail the user.)
Click OK. The Change User Account Password dialog box closes and the e-mail is sent, if configured.
Click Apply to save the changes on EFT Server.
