Password Help, Rules and Policies

Theatre Manager implements fully PCI DSS compliant, AES256-encrypted passwords per PCI DSS standard 8.5. This feature cannot be changed or overridden.

This means all login passwords must:

  • be reviewed and changed every 90 days. Theatre Manager will enforce password changes automatically. On devices that do not force a change of passwords, like routers and firewalls, this must be done manually. (PCI DSS 8.5.9)
  • be 7 characters or more (PCI DSS 8.5.10)
  • be mixed case, consisting of at least one uppercase and one lowercase letter (PCI DSS 8.5.11)
  • contain at least one number and special character (PCI DSS 8.5.11)
  • not be the same as the previous 12 passwords (PCI DSS 8.5.12)
  • not have characters or numbers repeated together
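
The rules above written as a validator. This is an added example, not Theatre Manager's code. The PBKDF2 history entries are an assumed stand-in for however the product stores previous passwords, and "repeated together" is read as the same character twice in a row.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 7           # PCI DSS 8.5.10, as listed above
HISTORY_DEPTH = 12       # PCI DSS 8.5.12, as listed above
PBKDF2_ROUNDS = 100_000  # assumption: stand-in hashing, not the product's storage


def hash_password(password, salt=None):
    """Return (salt, digest) for one password-history entry."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def policy_violations(password, history):
    """List every rule from the page that `password` breaks.

    `history` holds (salt, digest) pairs, oldest first.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 7 characters")
    if not (re.search(r"[A-Z]", password) and re.search(r"[a-z]", password)):
        problems.append("needs an uppercase and a lowercase letter")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    # Assumption: "repeated together" means the same character twice in a row.
    if re.search(r"(.)\1", password):
        problems.append("has a character repeated together")
    # Each stored entry has its own salt, so the candidate is re-hashed per entry
    # and compared in constant time.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("matches one of the previous 12 passwords")
            break
    return problems


# Constructed sample history: 13 old passwords, oldest first.
SAMPLE_HISTORY = [hash_password(f"Old-Pas5w0rd{i}x") for i in range(13)]
```

Only the 12 most recent entries are checked, so the oldest of the 13 sample passwords is accepted again while the most recent one is rejected.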

Change all passwords from any vendor default password that might be used for installation, per PCI DSS 2.1. For example, you must:
  • Change the Theatre Manager 'Master User' password when the system is installed
  • Change the user and password on any router from anything printed in the manufacturer's documentation
  • Make sure that accessing each computer requires a password and does not 'auto-login'
  • Ensure that screen savers are implemented that require passwords to be entered whenever the screen saver is activated. Screen savers (or some other mechanism for locking computers) must activate after 15 minutes of idle time or less (PCI DSS 8.5.15) on all workstations and servers.

Never use the Master User account for daily operations. It should only be used when creating other accounts or for other very specialized needs as directed by Arts Management Systems.

If your network has a 'master' domain server (or Open Directory on OSX) available that could control password authentication for all machines, please ensure that the security policies on the domain/directory server are set to enforce PCI/DSS passwords and that all machines in the network log in using authentication from the server.

If a domain/open directory server is not available to enforce password settings, then each machine/user must use PCI/DSS compliant passwords.

If a user tries more than 6 times to gain access to the system, Theatre Manager automatically resigns the user, which means that they are locked out permanently until manually reinstated, per PCI DSS standards 8.5.13 and 8.5.14.

Resetting an Employee Password

If an Employee forgets their password, or attempts to log in too many times and gets locked out of Theatre Manager, their password may need to be reset before they can log in again.

When an employee is locked out, Theatre Manager marks them as resigned. Any permissions that they used to have remain as they were. It is possible to reinstate the employee. This means that they will have the same permissions as before they were locked out.

  1. Log into Theatre Manager as a Master User or Outlet Administrator.
  2. Open the Employee List window.

    Click here for more information on the Employee List window.

  3. Search for the Employee to reset.
  4. Double click on the Employee record to open the Employee Data window.

    Click here for more information on the Employee Data window.

  5. Click the Password button in the Employee Data window toolbar / ribbon bar.

    The New Password window opens.

  6. Enter the password in the New Password field according to your password settings.
  7. Confirm the new password in the 'Retype Password' field.
  8. Click the Accept button.

    The new password is set for the Employee.

Reinstating an Employee Locked Out of the Database

If an Employee returns to work for your organization, you can reinstate their Employee account.

You will also need to do this when an Employee enters an incorrect password too many times, as Theatre Manager will lock the Employee out of the program. This is designed to prevent people from accessing the database who should not have access.

Theatre Manager applies a resignation date to the Employee record, which then removes them from the login window.

This process is also used in cases when the Master User or Outlet User has been resigned/locked out. In this case, another Employee with Master User or Outlet User privileges can log in and complete the following process for the Master User account. We also highly recommend setting a primary email for the Master User on its patron account so users can choose to have an email with the password sent to their email address in cases where the password is lost or forgotten.

The password parameters are defined on the PCI Security tab in Setup>>System Preferences.

  1. Log in to Theatre Manager as a Master User or Outlet Administrator.
  2. Open the Employee List window.

    Click here for more information on the Employee List window.

  3. Check the Resigned box in the upper left of the window.
  4. Search for the Employee.
  5. Single click on the resigned Employee to select them.
  6. Click the Open button.

    The Employee Access window for the selected employee opens.

  7. Clear the Resigned date field.
  8. Click the Password button in the Employee Access Data window toolbar / ribbon bar to set a one-time-use temporary password for the Employee.

    NOTE: The employee will be forced to change their password from the one you enter above when they first log in.

  9. Close the Employee Access Data window.

The Employee is now listed in the login window and they will be able to access Theatre Manager using the password you entered above.

In some very rare cases, there will be no other Employees with Master User access to complete the above steps. In those instances, please enable Remote Assistance on the database server machine and contact support@artsman.com with the login id/pw combination so we can reinstate access.