Admin Passwords

[TonyB6]

I'm getting really fed-up of not being able to rotate my admins passwords, I have 4 websites with 3 passwords which I rotate. Why does Zencart not allow me to re-use previously used passwords on a 9 month rotation?

Someone please tell me how I can remove the "database" of previously used passwords. This level of restriction is ridiculous


Version 1.5.0

Thanks

[DrByte]

Why does Zencart not allow me to re-use previously used passwords on a 9 month rotation?

That's not a Zencart rule. That's imposed by Visa/Mastercard security standards. https://www.pcisecuritystandards.org/

[RodG]

Someone please tell me how I can remove the "database" of previously used passwords. This level of restriction is ridiculous

If you insist. Running this SQL command should do it
UPDATE `admin` SET `prev_pass1`= NULL,`prev_pass2`= NULL,`prev_pass3`= NULL WHERE 1;

As DrByte has suggested though, in doing this the store will no longer be PCI compliant and you must not process CC payments on the site.

If you don't wish a forced password change every 90 days set the 'last_modified' field to some time in the distant future.

PCI compliancy aside, I neither recommend or condone these changes. The 'rules' were developed from basic good security practices. Ignore them at your own risk.

Cheers
Rod

[dbltoe]

I think this was one of the few times that an answer in PM would have been better advised.

Just sayin'

[RodG]

I think this was one of the few times that an answer in PM would have been better advised.

Just sayin'

Wouldn't matter. The NSA would have gotten to see it anyway. :)

Cheers
Rod