Configuring Password Requirements by Role in NSPOS 2019.1.X or later

To ensure security throughout your NetSuite Point of Sale (NSPOS) register network, NSPOS 2019.1.X or later includes password management tools. The criteria, tools and requirements meet Oracle security standards.

Administrators can configure password policies for all non-Administrator Roles, increasing or decreasing most requirements as needed for your business. Per the Payment Application Data Security Standard (PA-DSS) and Oracle security guidelines, administrators cannot adjust the password expiration period or password complexity for the Administrator Role.

Non-administrator Password Requirements

For NSPOS 2019.1.0 and later, the default password policy for all non-Administrator Roles is:

  • Length must be at least 8 characters, maximum 128 characters

  • Must include at least 1 number (0 - 9)

  • Must include at least 1 lowercase alpha character (a - z)

  • Must include at least 1 uppercase alpha character (A - Z)

  • Must include at least 1 non-alphanumeric character (!@#$%^&*.:;~'` "*/\+?-,_|=()[]{}<>)

  • Passwords expire after 180 days

  • Account is locked after 5 failed login attempts

  • If a register with a signed-in user is left idle for 15 minutes, it is locked or switched to closed mode

Important:

Setting the failed login attempts to 0 disables the lockout function.

Note:

For administrator Roles, the maximum number of failed login attempts is 5. For other administrator requirements, please contact NetSuite Customer Support.

Updating a Password Policy

Administrators make updates to a password policy by editing a Role’s NetSuite ERP RA-Operator Password Policy record. Each Role has a separate record and can have a unique policy. Policy updates download to your registers during the normal synchronization process.

If a user is assigned a different Role, they might be required to change their password at the next login.

To set Password Policy Rules:

  1. Log in to NetSuite as an administrator.

  2. Go to Customization > Lists, Records & Fields > Record Types.

  3. Locate the RA-Operator Password Policy row.

  4. Click List.

    The RA-Operator Password Policy List displays the current password setup for all Roles.

    [Figure: RA-Operator Password Policy List]
  5. Click a Role’s Edit link to make changes.

    [Figure: RA-Operator Password Policy record]
    Tip:

    Use the System Notes subtab on the record to view your history of Password Policy changes.

  6. Select the Operator Role/Group to which the password policy will apply.

  7. Set the desired policy for the Role:

    • Minimum Length – Enter the minimum password character length allowed.

      • Values: 8 – 128

      • Default: 8

    • Require Special Characters – If checked, password must include at least one non-alphanumeric character (!@#$%^&*.:;~'` "*/\+?-,_|=()[]{}<>).

      • Values: Yes (checked), No (cleared)

      • Default: Yes

    • Require Mixed-Case Characters – If checked, password must include at least one uppercase alphabetic character (A - Z) and one lowercase alphabetic character (a - z).

      • Values: Yes (checked), No (cleared)

      • Default: Yes

    • Require Numbers – If checked, password must include at least one number (0 - 9).

      • Values: Yes (checked), No (cleared)

      • Default: Yes

    • Expiration Period in Days – Number of days after current password was set before user is required to change their NSPOS password.

      A value of 0 (zero) means that passwords do not expire.

      • Values: 0 – 365

      • Default: 180

    • Max Invalid Login Attempts – Number of failed login attempts before the user’s account is locked. If a user is locked out, they cannot log in until an administrator unlocks their account.

      See Unlock an Employee’s Account for NSPOS under Company > Employees in the NSPOS Administrator Guide.

      A value of 0 (zero) means the Invalid Login Attempts feature is disabled.

      • Values: 0 – 10

      • Default: 5

        For administrators, the values are 0 – 5.

    • Auto Lock Down Period in Minutes – If a register is left idle for this period, NSPOS causes the register to automatically:

      • Lock out the user - If a transaction is open on the register

      • Log out the user - If there is no open transaction

      The user must log in to begin using the register.

      • Values: 0 – 60

      • Default: 15

      Note:

      Entering a period of 0 (zero) disables the Auto Lock Down Period feature.

    • Require Password Change Next Login – If checked, all users with the selected Role must change their password the next time they log in.

      • Values: Yes (checked), No (cleared)

      • Default: No

    Tip:

    Use the User Notes subtab to list why a policy was changed. Click New Note.

    [Figure: User Notes subtab]
  8. Click Save.

Minimum Security Standards Warning

If an administrator sets one or more password fields to values that do not meet minimum recommendations, NetSuite displays a warning when they click Save.

[Figure: Minimum password security warning]

The administrator can:

  • Click OK to update the policy, or

  • Click Cancel to go back and adjust the settings.
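
For reviewing several Roles at once, the following added example (not NetSuite code) audits policy values offline against the ranges and defaults documented above. The object keys are hypothetical names for the documented fields, not NetSuite field IDs, and using the documented defaults as the baseline is an assumption, because this page does not list the thresholds that trigger the warning.

```javascript
// Added example: offline audit of per-Role password policy values.
// Keys are hypothetical names for the documented fields, not NetSuite field IDs.
const FIELDS = {
  minLength:        { min: 8, max: 128, def: 8 },
  // For the next three fields, 0 disables the control and a larger value loosens it.
  expirationDays:   { min: 0, max: 365, def: 180, zeroDisables: true },
  maxInvalidLogins: { min: 0, max: 10,  def: 5,   zeroDisables: true },
  autoLockMinutes:  { min: 0, max: 60,  def: 15,  zeroDisables: true },
};
const CHECKBOXES = ["requireSpecial", "requireMixedCase", "requireNumbers"]; // default: Yes

function auditPolicy(policy, { isAdmin = false } = {}) {
  const findings = [];
  for (const [field, spec] of Object.entries(FIELDS)) {
    const value = policy[field];
    // Administrators are limited to 0 - 5 invalid login attempts.
    const max = isAdmin && field === "maxInvalidLogins" ? 5 : spec.max;
    if (!Number.isInteger(value) || value < spec.min || value > max) {
      findings.push({ field, issue: "out-of-range", value });
    } else if (spec.zeroDisables && value === 0) {
      findings.push({ field, issue: "disabled", value });
    } else if (spec.zeroDisables && value > spec.def) {
      findings.push({ field, issue: "looser-than-default", value });
    }
  }
  for (const field of CHECKBOXES) {
    if (policy[field] !== true) {
      findings.push({ field, issue: "looser-than-default", value: policy[field] });
    }
  }
  return findings;
}

// Constructed sample records (not real exports).
const samplePolicies = {
  Cashier: { minLength: 8, expirationDays: 180, maxInvalidLogins: 5, autoLockMinutes: 15,
             requireSpecial: true, requireMixedCase: true, requireNumbers: true },
  Manager: { minLength: 12, expirationDays: 0, maxInvalidLogins: 0, autoLockMinutes: 30,
             requireSpecial: false, requireMixedCase: true, requireNumbers: true },
};

// Returns { roleName: [findings...] } for every Role in the input.
function auditAll(policies) {
  return Object.fromEntries(
    Object.entries(policies).map(([role, p]) => [role, auditPolicy(p)]));
}

console.log(JSON.stringify(auditAll(samplePolicies), null, 2));
```

An empty findings list means the Role matches the documented defaults or is stricter; a "disabled" finding marks a field set to 0.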

No Backward Compatibility for Password Policy changes

The NSPOS password policy feature in NSPOS 2019.1.0 or later will not synchronize to registers that are on prior releases. For a policy to apply to all registers, you must upgrade all registers to 2019.1.0 or later.

Important:

Upgrade all registers to ensure your password policy applies to your entire register network.

Related Topics

Employees and NSPOS
Setting up a New Employee
Assisting Employees with Lockouts and Passwords
Changing an Employee’s Security Role
Disabling an Employee’s Access to NSPOS
Inactivating an Employee in NetSuite ERP
Working with the optional Time Clock in NSPOS
