Password change security

When a user changes his password on a POS terminal, the changes are synced with all other terminals and the store database.

To explain how the process works we will walk through a scenario where a user changes his password on POS terminal 1 and then proceeds to log on with the new password on POS terminal 2.

1. The user starts by logging in to POS terminal 1 and POS will detect that this user needs to change his password (This is determined by the password expiration settings in the Site Manager. Also if for some reason the password had to be changed or reset. This is done by clicking on Change password on the user's view in Site Manager).

2. The POS then talks to the Site Service to make sure that this user hasn't already changed his password recently. The Site service will look at the user information in the store database and inform the POS if this user really needs to change his password.

3. In this case the Site Service will tell the POS that this user should go ahead and change his password.

4. The user will be prompted by a dialog where he enters his new password. After the user confirms the new password the POS will send the new password through the Site Service to the store database.

5. Now this same user will go to POS terminal 2 and attempt to log in with the new password he entered in step 4. The POS will detect that the user is attempting to log in with an unknown password but it will also detect that this user has already changed his password.

6. The POS will use the Site Service to get the latest information about the user from the store database and retrieve the new password information.

7. The POS compares the updated password he retrieved using the Site Service with the password that the user entered in step 5 and see that this is indeed the same password.

8. The user will be logged on to the POS and the password information will have been updated on this terminal as well.

A similar mechanism is used when a user is locked out. When a user enters a wrong password too many times he will become locked on the POS terminal he is attempting to log in to. Once this happens, the POS will use the Site Service to mark the user as locked in the store database. This information is then sent to the other POS terminals using the Data Director.

All passwords in LS One are secured by storing them as a salted hash values. Passwords are never sent through the Site Service in cleartext nor are they being stored in memory in cleartext. In the case where the Site Service is used to get password information due to password changes only the hash values are sent over.