Forced Admin Password Change

  • Forced Admin Password Change

    Now that NIST has finally come to their senses and dropped the recommendation to force periodic password changes, any chance that 3dCart will drop it as well?

  • #2
    I believe the changes are more about when to re-authenticate; the PCI 3.2.1 standards remain in place and require a password change every 90 days.
    I recommend you install LastPass, which works on your browser/phone, if you have not yet. It makes the whole process a lot easier and remains secure, as the database of passwords is encrypted on your device.
    Gonzalo Gil
    3dCart Support
    800-828-6650 x111


    • #3
      Hopefully the PCI standard will be updated to use the current recommendation to not force password changes for no specific reason.

      We do use LastPass. However, the 3dCart admin password change process does not always work well with LastPass and can get very confusing for our employees when things go wrong. As a result, every 90 days I usually end up resetting everyone's password and walking them through the process of updating their 3dCart and LastPass accounts with a new password.