Password management

The RAS suite (MMS, RASnet etc.) is s secure system that complies with GPC security guidelines. These are our best practice guidelines for managing passwords within the RAS eco-system;

No user has access to another users (including members) passwords.
All users (including members) will manage their own passwords and meet the minimum character requirements for secure passwords.
Password creation emails are automatically sent to any new account that is created.
Links to set passwords will timeout to enforce security.
Forgot password links can be found at all login screens (i.e. RASNET, MMS).
Passwords are automatically reset every 180 days after the last reset, at this time an email will be sent asking the user to create a new password.
A user has three attempts to log in before a gradually increasing lock-out phase begins. The lock-out time increases every time you get the password incorrect, after the initial three tries.

While it can be frustrating to have to update passwords regularly it is important to be secure and comply with GPC security guidelines.

New user password set-up

When a new user is created in MMS (this could be a prospect being converted to a member or a new RAS team member) they will automatically be sent an email requesting they create their password, the link in this email will be expire after 24 hours.

If the link is not used within 24 hours it will no longer work. To enable the user to access MMS or RASNet you must direct them to the correct log-in page (i.e. RASNet for members and MMS for all other users) to start the forgot password process. This will allow the member to set their password and gain access to their account.

Don't forget to let them know their username. For members, their username is their member code. For all other users, their username is whatever was entered into the system when creating the user.

Forgot password

If a user forgets their password you should use the 'Forgot your password' link on the log-in page. Just enter your username and an email will be delivered to you. Follow the link provided to reset your password.

The link within the email will expire after one hour. If it is not actioned within that hour you will need to start the process again, requesting a new email using the forgot password link on the log in page.

Passwords are reset at the completion of the process, not as soon as it is initiated.

For members, their username is their member code. For all other users, their username is whatever was entered into the system when creating the user.

Regular, mandatory password resets

Any password that has existed, unchanged for 180 days will be automatically reset. It is automatically reset to a random string. The user will be sent an email requesting they set a new password. The link in the email will expire after 48 hours.

If the password is not reset in this timeframe the user must use the 'Forgot your password' process.

If a user attempts to log in after the password has been reset, without setting a new password, they will be told their password is invalid.

Member specific password details

Sometimes members might need a little reminder about the process.

The member's username requested on the RASNet log-in page is always their member code.

The password reset process is associated with the email address under a member's contact details in MMS;

The email address a member's password reset is sent to can be different from the email address used for bookings and the email address campaign notifications are sent to; depending on the MMS configuration.

Tips for resetting passwords

Start the process again

If you're continuing to have login problems (i.e. you're at the 4 hour lock-out point), try the same password again is likely to fail. It's likely you've entered the password incorrectly at the same point and repeat the same steps will just lead to further failure.

We suggest visiting https://rasnet.repcoservice.net (for members) https://mms.repcoservice.net (for RM/BDMs) and click on the Forgot password? link and follow the steps to start the process again.

Copy and paste your password

When you're updating your password, write the password into Windows Notepad (or something similar) first, following the rules on the password reset screen to ensure the password complies with the password rules. Highlight the password in Notepad, copy the password, and then paste it into the Password Reset screen in both fields.

Once the password has been reset and you attempt to log-in to RASNet ( https://rasnet.repcoservice.net) make sure you paste the password into the password field to ensure it's accurate.

After your access to RASNet is restored make sure you practice proper password storage techniques to ensure your password is safe from prying eyes.

Saved passwords

Most browsers have functionality that will save your passwords and while this is useful, in occasions such as resetting password, they can sometimes cause errors. When you're logging in for the first time, after resetting your password, be careful to NOT use the saved password. Retype your username and paste your password (from where you wrote it, i.e. Notepad) into the password field - once you're logged in, the browser should ask if you'd like to update the saved password. Click yes, and the next time you log in, you should be able to successfully use the updated saved password.

Login attempt lock-out

While frustrating, the login attempt lock-out does improve security. If you reset your password while being locked out, you'll need to ensure you're using the most recent password you provided during the password reset process. However, you'll still need to wait for the lock out to complete before you can attempt another log in.

Forgot password? links

If you're following a link in an email to reset your password and you see a page entitled RSSO, with a username and password field, you're suffering from an Outlook feature that sometimes rewrites URLS in emails. If that is the case, please forward the details onto Idearium so they can help you out.