1. Account Administration
  2. Authentication
  3. Password Requirements and Policies in NetSuite
  4. Password Changes Are Logged in System Notes on Entity Records

Password Changes Are Logged in System Notes on Entity Records

Note:

This topic applies to System Notes only. For information about System Notes v2, see System Notes v2 Overview.

Requests to change a password are logged on the System Notes subtab of an entity record. Changes are logged no matter who or what initiates the request. System notes capture successful changes requested through the UI, web services, or RESTlets. Administrators can view the password change information in the system notes for an entity.

Changes are logged for these entity types in NetSuite: Employee, Contact, Customer, Partner, Prospect, and Vendor. System notes include information about who or what initiated the password change, and when the change took place:

For more information about system notes, see System Notes Overview.

To view the system notes on an entity record:

  1. Find the entity record:

    1. Go to Lists > Employees > Employees and choose the employee from the list.

    2. Go to Lists > Relationships and select the entity type (for example, Contacts, Customer, Partner, Prospect, or Vendor) as appropriate. Choose the entity from the list.

  2. Click View.

  3. Click the System Information subtab to view the System Notes subtab.

  4. In the Field list, select Password to view only password-related system notes.

    The System Notes subtab on the System Information subtab.

The following table describes the values for the entries in the Context and Old Value columns.

Context

Description of Values Appended to PASSWORD_CHANGE

UI

  • USER_CHANGE – The user changed the password by clicking Change Password link on the Settings portlet.

  • USER_RESET - The user reset the password by clicking Forgot your password? link on the NetSuite login page.

  • EXPIRED - The user changed the password after their old password had expired.

  • ENTITY_RECORD - The Administrator or a user with permission to modify the entity record updated the password.

  • ADMIN_RESET - An Administrator initiated a password reset from the User Access Reset Tool by checking the Initiate Password Reset box.

  • NEW_ACCESS - The entity was newly given access to a NetSuite account by an Administrator by one of the following methods:

    • Initially setting the password manually on the entity record.

    • Checking the Send New Access Notification Email box on the entity record.

Script

  • SUITE_SCRIPT - The password was changed programmatically through the SuiteScript API through the execution of a SuiteScript.

Web Services

  • WEB_SERVICES - The password was changed programmatically through the SuiteTalk API by a SOAP web services call.

Other

  • GENERATED - The system generated a random password for the entity.

  • TS_SET - NetSuite Customer Support set the password.

  • TS_RESET - NetSuite Customer Support reset the password.

  • NEW_ADMIN - In rare cases, an account has no active users with an Administrator role. NetSuite Customer Support can add the Administrator role to a user.

  • SYSTEM_TASK - A NetSuite system task set reset the password.

  • PROVISIONING - The password was set when the account was provisioned.

Automatic Reset of Long-Abandoned Passwords for Website Customers

Visitors to your website can register an email address and create a password. This action creates lead record in your NetSuite account. Lead and prospect records can be converted into Customer records. Not all users registered on your website remain active, logging in again or purchasing items. These less-active users may forget their login name and password.

Note:

As of 2018.2, long-abandoned passwords are automatically reset. Passwords that are automatically reset are associated with website customers who meet either of the following criteria:

  • The website customer has not logged in within the previous three years.

  • It has been more than 90 days since the customer registered a login name and created a password, and the customer never logged in again.

  • The website customer has not logged in within 30 days after their password was changed.

The customer, lead, or prospect record is retained in your NetSuite account. Only the existing password is removed from the record. Users whose passwords have been reset can still attempt to log in. These users will receive an error message that their password has expired.

Related Topics

General Notices