Security - Login - Password Security

Updated over a month ago

Password security controls who is able to use the Coins ERP+ system. Each Coins ERP+ user has a User ID and a password, which they must enter each time they log in. Coins ERP+ passwords are encrypted and case-sensitive.

The following security settings are available:

  • You can set passwords to expire after a given number of days (see WEBPWDEX), with a different number of days for Admin users (see WEBPWDXA). The password expiry date is shown on the user record.

  • You can set user sessions to log out automatically after being idle for a given number of minutes; the user is then required to log in again (see WEBLGOUT).

  • You can lock users' accounts if they are not used for a given number of days (see LKUNUSED).

  • You can lock a user's account if a given number of unsuccessful login attempts are made (see LOGATTEM). This also applies when changing passwords.

  • You can prevent users from re-using passwords they have used recently (see PWDHIST).

  • You can restrict how often users can change their passwords (see PWDMIN).

  • You can specify that passwords must contain a mixture of uppercase and lowercase letters, and special characters (see CHKPASS), and/or you can set different minimum password lengths for normal users and Admin users (see PWDLEN, PWDLENA).

Use Users to create user records, and set passwords and logout periods for individual users. See Adding a New User or Group to Coins ERP+. Fields on the user record also allow you to control:

  • which printers the user has access to.

  • which companies the user has access to.

See also:

Two-Factor Authentication

IP Address Alerts

Password security - configuration

"Admin users" are those users who are listed in the Administrators field in Module/Licence Maintenance.

Parameters

  • SY/CHKPASS - Check password strength

    Whether a user's password should meet certain strength criteria.

    If you set this to Y, passwords must be at least 6 characters long and contain uppercase and lowercase letters, numbers, and special characters.

    COINS recommends turning this parameter on to enforce strong passwords. Clients should configure this to align with their corporate standards.

  • SY/LKUNUSED - Number of days after which an unused named account will be locked

    The number of days that can pass without a user logging in before their account is automatically locked.

    If a user does not log in within the specified number of days, COINS automatically ticks the Account Locked box on the user's record. The user will not be able to log in to COINS using any interface until this box is unticked.

  • SY/LOGATTEM - Number of invalid login attempts allowed

    The number of invalid login attempts which are allowed before a user's account is locked out.

    If the allowed number of invalid login attempts is exceeded, COINS automatically ticks the Account Locked box on the user's record. The user will not be able to log in to COINS using any interface until this box is unticked.

    This also applies when a user changes their password.

    COINS recommends setting accounts to lock out after multiple login failures (between 3 and 10). Clients should configure this to align with their corporate standards.

  • SY/PWDEXWRN - Number of days before expiry warning

    The number of days before the password expiry date that COINS will warn the user. The warning states how many days remain until the password expires.

  • SY/PWDHIST - Password History

    The number of historic passwords which should be stored for each user; the user will not be able to repeat a password from this list.

    When changing a password, if the user enters one of the passwords in the list, COINS issues an error message and will not let the user use that password.

    COINS recommends a value between 3 and 10. Clients should configure this to align with their corporate standards for passwords.

  • SY/PWDLENA - Minimum password length for new Admin user passwords

    The minimum password length required when new passwords are set for Admin users.

    COINS recommends a length between 16 and 20. Clients should configure this to align with their corporate standards for passwords.

  • SY/PWDMIN - Minimum days between password change

    The minimum number of days before a password can be reset again.

    Once a user's password has been changed, it cannot be changed again for this number of days. The default (if this parameter is not set) is 1.

    This is to prevent (or at least discourage) users from changing their password several times so as to get back to their original password, thus getting round the restriction on using previous passwords.

    Clients should configure this to align with their corporate standards for passwords.

    Related Parameter

    • SY/PWDHIST - Password History

  • SY/WEBLGOUT - Web Logout Time (Minutes)

    The number of minutes a user's Coins ERP+ session may remain inactive before COINS automatically logs the user out.

    You can specify a different number of minutes for an individual user, by using the Timed Logout field on the Preferences tab of User Workbench.

    There is a minimum period of 60 minutes; values less than this are ignored.

    After COINS has logged the user out, the screen will continue to show the last page that the user requested; when they request a new page, COINS will prompt them to log in first.

  • SY/WEBPWDEX - Web Password Expire in Days

    The number of days a user's password can be used before it expires (Coins ERP+ only).

    COINS calculates the new expiry date by adding this number of days to the date on which the user changes their password. However, if the Expires field on the user's record is blank, their password will not expire.

    Clients should configure this to align with their corporate standards for passwords.

    Related Parameters

    • SY/PWDEXWRN - Number of days before expiry warning

    • SY/WEBPWDXA - Web password expiry days for Admin users

  • SY/WEBPWDXA - Web password expiry days for Admin users

    The number of days an Admin user's password can be used before it expires.

    COINS recommends a value between 30 and 90. Clients should configure this to align with their corporate standards for passwords.

    Related Parameters

    • SY/PWDEXWRN - Number of days before expiry warning

    • SY/WEBPWDEX - Web Password Expire in Days

  • SY/WEBRDAYS - Remember login Days

    The number of days that a user ID will be remembered.

    This can be set to any integer. This is the number of days that the user will be allowed access to COINS without further authentication.

    The default is for the remainder of the current day (based on the server date).

    You can override this for an individual user by setting a different value in the Remember Login Days field on their user record.

    Related Parameter

    • SY/WEBRPWD - Remember login password

  • SY/WEBRPWD - Remember login password

    An additional password which is encrypted and checked on login to allow access.

    If using user re-login (which is deprecated if using AAD SSO), this allows a user to log in again without entering their password. A token is stored in the client browser and is used to obtain a new session token. This password makes the session token unique to this environment. It should be set to a suitably complex password string and should be different on each environment that you have; for example, it should be reset when copying live to cplive.

    This is intended to prevent a user setting up a similar COINS system, creating a login token, transferring it to the live system and gaining access. Without this password they would not be able to set up the correct token.

    You can reset this if you want to force all users to log in.
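The effect of a per-environment SY/WEBRPWD value can be illustrated with a keyed token. This is an added example, not COINS code: the token format, the HMAC-SHA256 construction, the function names and all secrets and timestamps are assumptions made for illustration, since the page does not describe how COINS builds its token.

```python
import hashlib
import hmac

# Constructed values standing in for SY/WEBRPWD on each environment.
LIVE_SECRET = b"constructed-live-secret"
OTHER_SECRET = b"constructed-other-secret"


def _tag(payload: str, env_secret: bytes) -> str:
    return hmac.new(env_secret, payload.encode(), hashlib.sha256).hexdigest()


def mint_token(user_id: str, expires: int, env_secret: bytes) -> str:
    """Issue a remember-login token keyed with one environment's secret."""
    payload = f"{user_id}|{expires}"
    return f"{payload}|{_tag(payload, env_secret)}"


def verify_token(token: str, now: int, env_secret: bytes):
    """Return the user ID if the token is authentic and unexpired, else None."""
    try:
        user_id, expires_text, tag = token.split("|")
        expires = int(expires_text)
    except ValueError:
        return None  # malformed token
    expected = _tag(f"{user_id}|{expires_text}", env_secret)
    # Constant-time comparison of the authentication tag.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return user_id if now <= expires else None


def scenarios():
    now, expires = 1_700_000_000, 1_700_086_400  # constructed timestamps
    live = mint_token("jsmith", expires, LIVE_SECRET)
    other = mint_token("jsmith", expires, OTHER_SECRET)
    copy = mint_token("jsmith", expires, LIVE_SECRET)  # copy kept live's secret
    return {
        "minted on live": verify_token(live, now, LIVE_SECRET),
        "minted on a look-alike system": verify_token(other, now, LIVE_SECRET),
        "minted on a copy, secret not reset": verify_token(copy, now, LIVE_SECRET),
        "after the live secret is reset": verify_token(live, now, b"constructed-new"),
        "expired": verify_token(live, expires + 1, LIVE_SECRET),
    }


if __name__ == "__main__":
    for name, user in scenarios().items():
        print(f"{name}: {'accepted as ' + user if user else 'rejected'}")
```

The third scenario is the case the parameter description warns about: a copy of live that keeps the same secret can issue tokens that live accepts, which is why the value should be reset after copying.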
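The recommended values quoted in the parameter list above can be checked mechanically. The following is an added example, not part of COINS: it assumes the SY parameter values have been collected into a dictionary by some means of your own, and the function names and sample values are constructed for illustration.

```python
# Ranges and rules quoted from the parameter descriptions on this page.
RECOMMENDED_RANGES = {
    "LOGATTEM": (3, 10),
    "PWDHIST": (3, 10),
    "PWDLENA": (16, 20),
    "WEBPWDXA": (30, 90),
}
WEBLGOUT_MINIMUM = 60  # minutes; smaller values are ignored by COINS


def _as_int(raw):
    """Parse a whole number, returning None for blank or non-numeric input."""
    try:
        return int(str(raw).strip())
    except ValueError:
        return None


def audit_parameters(params):
    """Return a list of findings for one environment's SY parameter values."""
    findings = []
    if str(params.get("CHKPASS", "")).strip().upper() != "Y":
        findings.append("CHKPASS: strength check is off (recommended Y)")
    for name, (low, high) in RECOMMENDED_RANGES.items():
        raw = params.get(name)
        if raw is None or str(raw).strip() == "":
            findings.append(f"{name}: not set (recommended {low}-{high})")
            continue
        value = _as_int(raw)
        if value is None:
            findings.append(f"{name}: {raw!r} is not a whole number")
        elif not low <= value <= high:
            findings.append(f"{name}: {value} is outside the recommended {low}-{high}")
    logout = _as_int(params.get("WEBLGOUT", ""))
    if logout is not None and logout < WEBLGOUT_MINIMUM:
        findings.append(
            f"WEBLGOUT: {logout} is below the {WEBLGOUT_MINIMUM}-minute minimum, so it is ignored"
        )
    return findings


# Constructed sample values (WEBPWDXA deliberately missing).
SAMPLE = {"CHKPASS": "N", "LOGATTEM": "5", "PWDHIST": "2",
          "PWDLENA": "sixteen", "WEBLGOUT": "30"}

if __name__ == "__main__":
    for finding in audit_parameters(SAMPLE):
        print(finding)
```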
