Password Changes Are Logged in System Notes on Entity Records
This topic applies to System Notes only. For information about System Notes v2, see System Notes v2 Overview.
Requests to change a password are logged on the System Notes subtab of an entity record. Changes are logged no matter who or what initiates the request. System notes capture successful changes requested through the UI, web services, or RESTlets. Administrators can view the password change information in the system notes for an entity.
Changes are logged for these entity types in NetSuite: Employee, Contact, Customer, Partner, Prospect, and Vendor. System notes include information about who or what initiated the password change, and when the change took place:
-
User (from the Change Password or Forgot Your Password links, or when the user changed the password after it expired.)
-
Administrators (by manual assignment to set user passwords, or by sending the New User Access Notification Email to let the user set the password. The Administrator can also initiate a password reset with the User Access Reset Tool).
-
NetSuite Customer Support (using internal tools).
-
Automated processes.
For more information about system notes, see System Notes Overview.
To view the system notes on an entity record:
-
Find the entity record:
-
Go to Lists > Employees > Employees and choose the employee from the list.
-
Go to Lists > Relationships and select the entity type (for example, Contacts, Customer, Partner, Prospect, or Vendor) as appropriate. Choose the entity from the list.
-
-
Click View.
-
Click the System Information subtab to view the System Notes subtab.
-
In the Field list, select Password to view only password-related system notes.
The following table describes the values for the entries in the Context and Old Value columns.
Context |
Description of Values Appended to PASSWORD_CHANGE |
---|---|
UI |
|
Script |
|
Web Services |
|
Other |
|
Automatic Reset of Long-Abandoned Passwords for Website Customers
Visitors to your website can register an email address and create a password. This action creates lead record in your NetSuite account. Lead and prospect records can be converted into Customer records. Not all users registered on your website remain active, logging in again or purchasing items. These less-active users may forget their login name and password.
As of 2018.2, long-abandoned passwords are automatically reset. Passwords that are automatically reset are associated with website customers who meet either of the following criteria:
-
The website customer has not logged in within the previous three years.
-
It has been more than 90 days since the customer registered a login name and created a password, and the customer never logged in again.
-
The website customer has not logged in within 30 days after their password was changed.
The customer, lead, or prospect record is retained in your NetSuite account. Only the existing password is removed from the record. Users whose passwords have been reset can still attempt to log in. These users will receive an error message that their password has expired.