New security options

18 February 2014

As part of our ongoing process to increase the security of your webstore we now offer some additional features:

How do I update the ‘Forgot Password’ template?

Changing the forgotten password email template is quite straightforward. The advantage of making these changes is that the password will no longer be sent via email, so it’s much more secure. It is highly recommended that you make this change.

Go to Edit Templates -> Email -> Forgot Password

If you have customized your template you will need to replace the following lines:

<p><span style="font-size:12px;color:#3881c8;font-family:verdana;"><strong>Username:</strong> {details['customer_username']}</span></p>

<p><span style="font-size:12px;color:#3881c8;font-family:verdana;"><strong>Password:</strong> {details['customer_password']}</span></p>

with these ones:

<p><span style="font-size:12px;color:#3881c8;font-family:verdana;"><strong>Username: </strong> {if (getOption("DisableCustomerUsername"))}{details['customer_email']}{else}{details['customer_username']}{endIf}</span></p>
To reset your <strong> password </strong> <a href="{details['hostname_secure']}/store/member.asp?action=resetpassword&token={details['token']}">Please go here</a>

Or remove those two lines and replace them with a message like this:

Dear <strong> {details['customer_firstname']}</strong>
We have received a request to reset your password. <a href="{details['hostname_secure']}/store/member.asp?action=resetpassword&token={details['token']}">Please go here</a> to choose a new password:
<a href="{details['hostname_secure']}/store/member.asp?action=resetpassword&token={details['token']}">{details['hostname_secure']}/store/member.asp?action=resetpassword&token={details['token']}</a>
{if (getOption("DisableCustomerUsername"))}{else}When you next log in, your username will be <strong> {details['customer_username']}</strong>.{endIf}
Please note that this link is only active for {details['password_token_expiry']} hours. After this time, the code will not work and you will need to resubmit the password change request.

When a customer resets their password successfully, they will be automatically notified via email. To customize the template for this email:

Go to Edit templates -> Emails -> Reset Password

How do I change the security options?


The default (and recommended) timeout for sessions is 40 minutes. However, if you don’t want to force your customers to log in again after 40 minutes of inactivity, or you want to increase security by lowering this number, you can change the option here.

Password Requirements:

It is safer for your customers if they have a secure password, and you can now choose the restrictions on customer-entered passwords:

  • Minimum length (Default is 5, we recommend at least 8 characters).
  • You can also require that the password contains a number, an upper-case letter, a lower-case letter and at least one symbol.

Password Reset:

This option will allow you to modify how long a password reset request is valid (Default is 24 hours).
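
The reset link in the email template depends on a token that stops working once this validity period has passed. The Python example below is added here for illustration and is not the webstore's own code; the function names, the in-memory store, and the single-use and replace-on-reissue behaviour are assumptions.

```python
import hashlib
import secrets
import time

RESET_VALID_HOURS = 24  # the page's default validity for a reset request

# Constructed in-memory store (assumption): sha256(token) -> (customer_id, expires_at)
_pending = {}


def _digest(token):
    # Only the hash is stored, so a leaked store does not reveal usable links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(customer_id, now=None):
    """Create the random token that goes into the e-mailed reset link."""
    now = time.time() if now is None else now
    # A new request replaces any earlier outstanding one for the same customer.
    for key in [k for k, v in _pending.items() if v[0] == customer_id]:
        del _pending[key]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (customer_id, now + RESET_VALID_HOURS * 3600)
    return token


def redeem_reset_token(token, now=None):
    """Return the customer id for a valid token, or None.

    The record is removed on every lookup, so a token works at most once
    and an expired token cannot be retried.
    """
    now = time.time() if now is None else now
    record = _pending.pop(_digest(token), None)
    if record is None:
        return None  # unknown, already used, or replaced by a newer request
    customer_id, expires_at = record
    if now >= expires_at:
        return None  # validity window has passed; customer must resubmit
    return customer_id
```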

Customers Lockout:

You can set the maximum number of times that a customer can fail to log in; once that number is reached, the shopper will be locked out. This is a measure to prevent automated attacks on your customer account logins.