Never share your password with anyone, for any reason, under any circumstances.
Use complex passwords. Maitre’D already forces you to use a minimum of 7 characters with a mix of letters and numbers, however:
Try using 8 or more characters. Long passwords are harder to guess.
Avoid using combinations like 123abcd, or 123456a, or abcdef1, etc. These combinations are easy to guess and can get your system compromised.
Avoid using combinations of adjacent letters and numbers on the keyboard, such as “qwertyu”.
Avoid using common words with letters replaced by numbers or symbols, such as “P@ssw0rd” or “M1cro$0ft”. Unfortunately, hackers know these tricks, too.
Try using 8 or more characters mixed in with capital letters, numbers and special characters. A very effective technique is to choose a phrase which only you would know, then take the first few letters of each word to start building your password. Then, throw in a few numbers and add a special character or two.
Do not use any word from any dictionary in any language. Hackers can use sophisticated dictionary attacks; therefore, dictionary words are not safe to use as passwords.
Never use any kind of personal information as your password, such as your spouse’s name, children’s names, birth dates, anniversaries, etc.
Make sure that only key personnel have Distributor or System Owner access. Give lower access to everyone else.
If you have even the smallest doubt that someone may know your password, have it changed immediately.
When an employee quits or gets fired, immediately delete this person’s account from Maitre’D. If you need to keep the account for audit purposes, then immediately change the password.
Strictly enforce password management policies with all employees using any part of your computer system.
Use unique user IDs and secure authentication for administrative access and access to cardholder data.
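The password rules listed above, turned into a checker. This is an added example, not code from the Maitre'D guide or from Posera; the leet-substitution table and the SMALL_DICTIONARY word list are constructed stand-ins, and a deployment would load a full dictionary.

```python
import re

# Maitre'D enforces 7+ characters with letters and numbers; the remaining checks
# implement the guide's recommendations (8+ chars, capitals and symbols, no
# sequences, no keyboard runs, no leet-substituted dictionary words, no personal
# information). SMALL_DICTIONARY is a constructed stand-in for a real word list.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
SMALL_DICTIONARY = {"password", "microsoft", "welcome", "restaurant", "summer"}
# Reverse the substitutions attackers already know: P@ssw0rd -> password, M1cro$0ft -> microsoft
LEET = str.maketrans("@$01345!7", "asoieasit")

def has_sequence(text: str, length: int = 4) -> bool:
    """True if `length` consecutive characters ascend by one (abcd, 1234)."""
    codes = [ord(c) for c in text.lower()]
    for i in range(len(codes) - length + 1):
        window = codes[i:i + length]
        if all(b - a == 1 for a, b in zip(window, window[1:])):
            return True
    return False

def has_keyboard_run(text: str, length: int = 4) -> bool:
    """True if `length` adjacent keys of one keyboard row appear, in either direction."""
    low = text.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - length + 1):
            chunk = row[i:i + length]
            if chunk in low or chunk[::-1] in low:
                return True
    return False

def check_password(password: str, personal_info=()) -> list:
    """Return the rule violations found; an empty list means the password is acceptable."""
    problems = []
    if len(password) < 7 or not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("rejected by Maitre'D: needs 7+ characters with letters and numbers")
    if len(password) < 8:
        problems.append("use 8 or more characters")
    if not (re.search(r"[A-Z]", password) and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("add capital letters and special characters")
    if has_sequence(password):
        problems.append("contains a sequence such as 123 or abcd")
    if has_keyboard_run(password):
        problems.append("contains adjacent keyboard keys such as qwerty")
    if password.lower().translate(LEET) in SMALL_DICTIONARY:
        problems.append("is a dictionary word with letters swapped for numbers or symbols")
    for item in personal_info:
        if len(item) >= 3 and item.lower() in password.lower():
            problems.append(f"contains personal information: {item}")
    return problems
```

Pass the user's known personal details (names, dates) as `personal_info` so the last rule can catch them; the examples in the guide (123abcd, qwertyu, P@ssw0rd, M1cro$0ft) are all rejected.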
In Maitre’D, the System Owner and Distributor access levels can access all functionalities and change any setting in the system. As you create users for the Maitre’D back-office, make sure that these access levels are given only to users with an operational requirement to perform these actions. Also, PCI DSS and PA-DSS require that every back-office user logs in with a unique username and password combination. Here is a detailed walkthrough to set up back-office user accounts:
After 5 unsuccessful login attempts, Maitre’D will automatically lock the user account. To unlock an account, someone with Distributor or System Owner access needs to log in, access the User Editor, select the locked account and click the Unlock button.
Locked accounts are marked with a padlock icon:
1- Start the Maitre’D Back-Office software and log on with appropriate credentials. Either Distributor or System Owner access is required for this task.
2- From the main back-office screen, click on the Tools menu, and select the User Editor option.
3- The User Editor window will be displayed. All existing users with access levels equal to or lower than yours will be listed here, if any.
Click the New button to create a new user.
Click the Delete button to permanently delete an existing user.
This button is only available to Posera technicians to reset an account’s password history for troubleshooting purposes.
Click the UnLock button to unlock a locked account.
Click the Discard button to clear information that was entered during the process of creating a new user.
Click OK to commit changes and exit out of the User Editor tool.
Click Apply to commit changes without exiting from the User Editor Tool.
Click Cancel to exit out of the User Editor tool without saving changes.
Click the New button to start the process.
User Name
Type a user name for this account. The user name should allow the person logging in to be identified.
Access Level
Choose an access level for this user:
Distributor
This access is restricted to Maitre’D Certified technicians and installers. All other access levels are unable to see or grant this access.
System Owner
The System Owner access level is restricted to the restaurant management. Only top-level managers should have this access, as this allows them to create and delete other users, as well as to perform administrative duties on the system.
Access Levels 2 through 8
These access levels can be fully customized, and don’t allow decrypted PANs and expiration dates to be shown anywhere. These access levels can be used for anyone requiring access to the Maitre’D back-office software.
Password
Type in a password for the new user. The password must be at least 7 characters, and comprised of a mix of letters and numbers.
Confirm Password
Confirm the password for this new user.
User must change password at next login
Enable this option to force the user to change the login password during the next login. This option should be used for every new account and afterwards if there is a doubt that an account password may have been compromised.
Apply
Click the Apply button to create the user without exiting the User Editor. This will allow you to create more users.
OK
Click OK to save your changes and exit.
By default, on new Maitre’D installations, any Maitre’D Back-Office module that is open will automatically close itself after being idle for 15 minutes. Also, in Maitre’D 7.08.000 or later, this option is systematically enabled and grayed out on systems where the Electronic Funds Transfer module is in use. This prevents the option from being accidentally disabled and ensures PA-DSS / PCI DSS compliance. However, it is good practice to verify that the Use Inactivity Timeout option is enabled in Server Control / View / Options / Advanced / Miscellaneous.
To do so:
1- Log on to the Maitre’D back-office with appropriate credentials (Distributor or System Owner access).
2- From the main back-office screen, start the Server Control module.
3- Click the View menu, and select Options…
4- Under Advanced, click on the Miscellaneous tab.
5- Make sure that the Use Inactivity Timeout option is checked, and click the OK button at the bottom of the window.
NOTE: In Maitre’D 7.08.000.000, the Use Inactivity Timeout option is forced on and grayed out as soon as the EFT interface is set to Datacap – DSIClientX, in order to prevent disabling it accidentally. This ensures PA-DSS / PCI DSS compliance. See PADSS requirement 3.1.1 and PCI DSS requirement 8.5.8.
If the Use Inactivity Timeout option is not grayed out, it may indicate that the Electronic Funds Transfer module has been set up incorrectly. In that case, please review the configuration as outlined in earlier sections of this document.
1- Log on to the Maitre’D back-office with appropriate credentials (Distributor or System Owner access).
2- From the main back-office screen, start the Server Control module.
3- Click the View menu, and select Options…
4- Under Advanced, click on the Miscellaneous tab.
5- Make sure that the Use Username Login option is checked, and click the OK button at the bottom of the window.
NOTE: Normally, this option is turned on by default after installing Maitre’D. However, sites that have been in operation for a long time may have disabled that option, so it is important to physically verify that it is turned on. Having that option disabled automatically makes the site non-compliant with PCI DSS 3.2.
This will ensure that all users are forced to enter a username and a password to login to the back-office software. This is required for PA-DSS compliance.
Maitre’D will automatically force users to change their passwords every 90 days. Also, Maitre’D keeps a history of each user’s passwords so that the last 4 passwords cannot be re-used. In case a password becomes compromised or if you have any doubts to that effect, you can force any user to change their password by checking the User must change password at next login box in their account’s properties. Of course, you need to be logged in with Distributor or System Owner access in order to do this.
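A small model of the account rules the guide describes (lockout after 5 failed logins, unlock only by Distributor or System Owner, forced change every 90 days, last 4 passwords not reusable, and the must-change-at-next-login flag set on new accounts). This is an added example, not Maitre'D's code; salted PBKDF2 storage, a 5-entry history (current password plus the 4 before it) and Unix-second timestamps are assumptions, since the guide does not state how passwords are stored or how the history is counted.

```python
import hashlib
import secrets
# Guide behaviour: lockout after 5 failed logins, unlock only by Distributor or
# System Owner, change every 90 days, last 4 passwords not reusable, new accounts
# flagged "must change password at next login". Timestamps are Unix seconds.
MAX_FAILED_ATTEMPTS = 5
PASSWORD_MAX_AGE = 90 * 86400
HISTORY_LEN = 5                      # current password plus the 4 before it (assumption)
ADMIN_LEVELS = {"Distributor", "System Owner"}

def _digest(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 is an assumption; the guide does not say how Maitre'D stores passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class Account:
    def __init__(self, password: str, now: int):
        self.failed_attempts, self.locked, self.must_change = 0, False, True
        self.history = []                # (salt, digest) pairs, newest last
        self._store(password, now)

    def _store(self, password: str, now: int) -> None:
        salt = secrets.token_bytes(16)
        self.history = (self.history + [(salt, _digest(password, salt))])[-HISTORY_LEN:]
        self.changed_at = now

    def _seen(self, password: str, entries) -> bool:
        return any(secrets.compare_digest(_digest(password, s), d) for s, d in entries)

    def login(self, password: str, now: int) -> str:
        # Returns 'ok', 'locked', 'must_change' or 'bad_password'
        if self.locked:
            return "locked"
        if not self._seen(password, self.history[-1:]):   # only the current password works
            self.failed_attempts += 1
            self.locked = self.failed_attempts >= MAX_FAILED_ATTEMPTS
            return "locked" if self.locked else "bad_password"
        self.failed_attempts = 0
        if self.must_change or now - self.changed_at >= PASSWORD_MAX_AGE:
            return "must_change"
        return "ok"

    def change_password(self, new_password: str, now: int) -> bool:
        if self._seen(new_password, self.history):        # any remembered password is rejected
            return False
        self._store(new_password, now)
        self.must_change = False
        return True

    def unlock(self, actor_level: str) -> bool:           # the User Editor's Unlock button
        if actor_level in ADMIN_LEVELS:
            self.locked, self.failed_attempts = False, 0
        return not self.locked
```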