CyberStore Documentation
Account Security

User's Guide > Business Logic > Account Security
In This Topic

Account security is important for maintaining peace of mind while operating your storefront. Thus, several account and password protection features are in place within CyberStore that allow a user to establish the best protection for the information that must remain private.

New with version 2.19.4: Passwords are stored in an encrypted non-reversible way. This change greatly increases password security but means that passwords cannot be retrieved from the system, allowing only authorized console users to reset them. More info can be found here: Console User Account Password and Login Security Updates

Password Protection

An important element of account security is being able to keep your password safe. In the event that you forget your password, the Forgot Password feature is indispensable for retrieving said login information.

By using the email assosciated with the account in question, simply by inputting the email a 6 digit verification code will be sent, along with a reset password link. Clicking the reset password link and inputting the verification code will confirm the request and allows you to then change your password.

 

 

The resulting email is worded as such:

Upon inputting the verification code and the supplied link, you can then go about changing your password.

The Change Password feature is only acsessible through accounts that are already logged in, or have just used a verification code from the forgot password process within their email.

A change password control can look as such.

 Upon changing your password you will be redirected to the login screen.

 

 Account Security Settings

Aside from password settings, more general account privacy features are also in place within CyberStore.

 Account Lockout

A new feature within 2.19.4 is an Account Lockout setting. This setting is present for both Console users and Front End Shoppers and is highly customizable within the Site Manager menu.

Front End Users:

For front end users, the account lockout setting can be applied through the Site Configuration menu and looks as such:

 

By default 3 failed attempts will result in an account being locked for 15 minutes. After the 15 minutes elapses, a correct password entry will unlock the account. Both the amount of attempts before lockout and the duration of the lockout can be changed.

If a specific account needs to be locked, for example if an account is suspected to be compromised, going to Customers >Account Maintenance>Edit you can directly lock a specific account, as highlighted below.

This form of account lock can only be applied and reverted through this screen.

Console users:

Similarly to front-end accounts, after 3 repeated failed login attempts to the Management Console, the console user will be locked and unable to log in for 15 minutes. After the 15 minutes elapses, a sucsessful password entry will unlock the account. The amount of time for which an account is locked can be edited within the management console under Tools > User and Group Administration > User Administration > Edit

Furthermore, within the Tools > User and Group Administration > User Administration screen, those with console acsess are able to directly alter the lockout status of specific accounts, which can be especially useful when an account is suspected to be compromised.

 

 

 

See Also

Version 2.19.4 New Features