Configure Login Settings

In Business Manager, it's important to configure user password restrictions and login lockout policies. Every value you can select for these settings ensures compliance with the Payment Card Industry Data Security Standard (PCI DSS).

To comply with PCI DSS, users are logged out of their sessions after 15 minutes of inactivity. You can't change this timeout value.

  1. Select Administration > Global Preferences > Security.
  2. On the User Authentication tab, configure how many times a user can enter an incorrect login before being locked out and for how long. The maximum and the default value are both six.
    By default, the user is locked out for 30 minutes. If you select Forever, the account remains locked.
  3. Set the number of days after which a user is required to change their password. The default is 60 days.
  4. Set the number of days before an unused account is deactivated. The default is 90 days.
    Seven days before deactivation, the user is sent an email, instructing them to log in to their account to avoid deactivation. The user is sent a second email one day before deactivation.
    If you choose fewer than 10 days of inactivity, the first email is sent three days before deactivation instead of seven.
  5. Indicate whether a user is required to answer a security question to change their password.
  6. For Enforce Password History, specify how many passwords from a user's password history are remembered.
    A new password is checked against this history to ensure that a unique password is being used. The default is to remember four passwords.
    Password history isn't saved until you set this value.
  7. Configure the character requirement settings for passwords. See Business Manager Password Protection for limits and default values.
  8. Click Apply.