Password Help, Rules and Policies

Theatre Manager implements fully PCI DSS compliant, AES256-encrypted passwords per PCI DSS requirement 8.5. This feature cannot be changed or overridden.

This means all login passwords must be:

  • reviewed and changed every 90 days. Theatre Manager enforces password changes automatically. On devices that do not force a password change, such as routers and firewalls, this must be done manually. (PCI DSS 8.5.9)
  • 7 characters or more (PCI DSS 8.5.10)
  • mixed case, containing at least one uppercase and one lowercase letter (PCI DSS 8.5.11)
  • containing at least one number and one special character (PCI DSS 8.5.11)
  • different from the previous 12 passwords (PCI DSS 8.5.12)
  • free of the same character or digit repeated consecutively

Change all passwords from any vendor default that might have been used during installation, per PCI DSS 2.1. For example, you must:
  • Change the Theatre Manager 'Master User' password when the system is installed
  • Change the user name and password on any router from anything printed in the manufacturer's documentation
  • Make sure that accessing each computer requires a password and does not 'auto-login'
  • Ensure that screen savers requiring a password are implemented on all workstations and servers. Screensavers (or some other mechanism for locking computers) must activate after 15 minutes of idle time or less (PCI DSS 8.5.15).

Never use the Master User account for daily operations. It should only be used when creating other accounts or for other very specialized needs as directed by Arts Management Systems.

If your network has a 'master' domain server (or Open Directory on OS X) that can control password authentication for all machines, please ensure that the security policies on the domain/directory server are set to enforce PCI DSS passwords and that all machines in the network log in using authentication from that server.

If a domain/open directory server is not available to enforce password settings, then each machine/user must use PCI/DSS compliant passwords.

If a user makes more than 6 attempts to gain access to the system, Theatre Manager automatically resigns the user, meaning they are locked out permanently until manually re-instated, per PCI DSS requirements 8.5.13 and 8.5.14.
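As an added illustration (not Theatre Manager's own code), the following Python checker implements the password rules listed above together with the 90-day rotation and the lockout-after-6-failures behaviour, so an administrator auditing another device's policy can see each rule as a concrete test. The rule thresholds are taken from this page; the function names, the plaintext history list and the ISO date strings are assumptions made for the example.

```python
from datetime import date
import string

# Thresholds as stated on this page (PCI DSS clause in brackets)
MIN_LENGTH = 7          # [8.5.10]
MAX_AGE_DAYS = 90       # [8.5.9]
HISTORY_DEPTH = 12      # [8.5.12]
MAX_FAILED_LOGINS = 6   # [8.5.13 / 8.5.14]


def check_password(candidate, previous=()):
    """Return the list of rule violations; an empty list means acceptable.

    `previous` is the user's password history, most recent first. Plaintext
    is used here only for illustration; a real system compares stored hashes.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    # "cannot have characters or numbers repeated together": reject any two
    # identical adjacent characters, e.g. "aa" or "11"
    if any(a == b for a, b in zip(candidate, candidate[1:])):
        problems.append("adjacent repeated character")
    if candidate in list(previous)[:HISTORY_DEPTH]:
        problems.append(f"matches one of the last {HISTORY_DEPTH} passwords")
    return problems


def password_expired(last_changed_iso, today_iso):
    """True when the password is older than the 90-day limit and must be rotated."""
    age = date.fromisoformat(today_iso) - date.fromisoformat(last_changed_iso)
    return age.days > MAX_AGE_DAYS


def record_failed_login(failed_count):
    """Return (new_count, locked). Once more than MAX_FAILED_LOGINS attempts have
    failed the account stays locked until an administrator re-instates it."""
    failed_count += 1
    return failed_count, failed_count > MAX_FAILED_LOGINS
```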