Passwords control access to the MPM application. When you create a user, the user is automatically assigned a default password of PASSWORD. The first time the user logs into MPM using the password of PASSWORD, they will receive a prompt requesting them to change their password. If the user forgets his password, the SYSADMIN, and only the SYSADMIN, can reset the password to PASSWORD using Tools » Reset Password in the Security window. A user other than the SYSADMIN, even though he is assigned the System Admin authority level, cannot reset passwords.
The System Administrator has the ability to set all passwords to expire after a certain number of days, after which all users have to reset their MPM passwords. When changing the default password (PASSWORD), you must enter the old password in upper case letters. You can enter new passwords in upper and/or lower case letters.
The System Administrator has the ability to:
specify the number of days before the password expires
specify the number of changes allowed before password reuse
specify the minimum password length
set the number of login attempts and number of days before a User ID becomes invalid
For a new user, or for a user who has had their password reset by the SYSADMIN, the password will need to be changed on their first login regardless of the expiration setting.
To set a password, complete the following steps:
From the Security window, click Tools » Password/Login Settings. MPM displays the Password/Login Settings dialog box.
The following fields can be set:
Limit to one password change per day — If left unchecked, a user may change their password as often as they wish within any given day. When this option is checked, a user may only change their password once in any given day.
The Days before password expires — defaults to zero, which means that the function is inactive (i.e., there is no password expiration set). Enter any number between 1 and 365 to indicate how many days should elapse before the password will expire.
The elapsed time occurs from when the user's password was last changed. The expiration interval resets the moment the password is reset by the user.
For a new user, or for a user who has had their password reset by the System Administrator, the password will need to be changed on their first login regardless of the expiration setting.
When a password expires, a dialog box will display giving notice to the user that it is time to change their password. If the user selects No, they are logged out of MPM. If the user selects Yes, the Change Password dialog box opens.
Number of changes allowed before password reuse (0-12) — If left as zero, a user may change from their current password to a new password and then back to the previous password whenever a password change is required. If set to a number between 1 and 12, a user will need to use a new password each time they change for X number of times before reverting back to one of their previous passwords.
Minimum password length is the minimum length a password can be — A password length of 1-8 characters can be set. The default is 1.
Number of Login attempts allowed (1-8) — defaults to zero which means that there is no limit to the number of times a user may try to log in.
Examples where the number of login attempts is set to three:
Case 1 — A user tries to log in three times with an incorrect user id. On the fourth attempt, an error message displays and the user is directed back to the Menu Manager without a login. To refresh the system, the user exits MPM and reopens it to create a new session.
Case 2 — A user tries to log in three times with a correct user id but an incorrect password. On the fourth attempt, an error message displays directing the user to contact the System Administrator. The System Administrator will need to reset the user's password before the user is able to log in again. As soon as the user logs in correctly, the Login Retries is reset to zero.
Days before User ID becomes inactive (0-365) — This is the total number of days since the last login before a user's account becomes inactive. The default is zero which means that a User ID will never become inactive. When a User ID does becomes inactive, the user will not be able to login at all. The System Administrator will need to reset the user's password before the user can log in again. (See Changing Passwords section).