Support Home Sales Website Technology Contact Us
RDP Support  


RDPWin KB Booking Engine - IRM.Net RDPWin4 & PCI Compliance Search

User Login Changes in RDPWin Version 3

On July 1, 2010, new PCI compliance standards go into effect. RDP has developed RDPWin Version 3 in response to these standards and the program has been certified compliant. In order to pass the strict PCI standards, RDP has had to make many changes to the User login experience. The following article explains the changes you will experience when converting to RDPWin Version 3.

Passwords

Passwords must now meet certain standards to be compliant. Passwords:

  • Must be 7 to 15 characters in length.
  • Must contain at least one upper case letter, one lower case letter, and one number.
  • Can contain special characters.
  • Will expire after 90 days. After expiration, users will be prompted to enter a new password.
  • Cannot be the same as your previous five passwords.
  • Will only be known by the user. System administrators cannot see a user’s password; however, they can change it so that the user can login if he/she forgets the password.

User Accounts

Each user must have unique initials (2 characters). Initials are stamped on transactions to track the user who created or posted the transaction. If two staff members have the same initials in real life, then some accommodation must be made to change one user’s initials for use in RDPWin Version 3.

A user account will be locked out after 5 incorrect login attempts. This lockout will last for 30 minutes. A system administrator can unlock the account and, if needed, reset the password.

After a system administrator resets the password, the user will be prompted for a new one upon logging in.

Administrator

RDPWin Version 3 has an ADMIN user. In addition to being able to make certain users Administrators, there is an ADMIN user. This user should not be used on a regular basis as a login, but rather is comparable to a Domain Administrator for your network. One or more persons (but not many) should know the ADMIN password. This login can be used when all else fails to access the RDP system (i.e. all the administrators forgot their own passwords). Like any other user, the ADMIN user will need to change its password every 90 days.

Single Session

With RDPWin Version 3, a user may only be logged-in to one workstation at a time. Should you need to log-in to a second computer, you will need to log-off of the first (or wait the 20 minutes for the system to do that automatically). It is best practices to log-off of any RDP session if you plan to be away for more than a few moments.

Because only a single session per user is possible, there will no longer be generic logins like FRONT for the front desk staff. Each user needs his/her own login, initials, and password.

Inactivity

RDPWin Version 3 automatically log-offs users after 20 minutes of inactivity only if the user account is a Credit Card Administrator or Administrator User Type. A warning appears after 10 minutes of inactivity and the timer can be reset by simply clicking on the warning message. Users without administrator privileges will not encounter the auto-logoff feature.

 Converting to RDPWin Version 3

Converting to RDPWin Version 3 is not a lengthy process. If your credit cards are not already encrypted, then they will be encrypted the first time RDPWin Version 3 starts.  Steps for conversion are:

  • Install RDPWin Version 3 Server install file on RDP Data Server.
  • Install RDPWin Version 3 client software on each workstation. This step lays down certain files that should be needed only once. After RDPWin Version 3 is installed, this software will query the server each time it loads and automatically download new versions as needed. You will no longer need to install the client software with each and every RDPWin update.
  • The Users file will be converted and encrypted. During this process, all password information will be removed. When each user logs in for the first time, he/she will be prompted for a new password.
Special Note
The RDP user is just like any other user. The RDP user password expires after 90 days and must meet password standards for sophistication. It is quite possible that since we have over 10 RDP support staff, we will not know our current password for your system. A system administrator may need to unlock the user for us.

Important Version 3 Documents

Support Home  RDPWin4 & PCI Compliance Enhancement Requests Open A Web Support Ticket
Training New Sales Website Old Sales Website Contact Us

 Facebook     Twitter      LinkedIn   TODF