When Should You Simplify the Login Process?
The default login method on cMT X Series HMIs requires operators to enter both a username and a password, following standard User Account Control (UAC) practices to enhance system security. However, in some cases, a password-only login method may be sufficient:
- Legacy equipment replacement: When upgrading older systems, an HMI programmer may wish to replicate existing functionality to ensure a seamless transition for operators.
- Single operator account: If the HMI uses a single “operator” account selected from a drop-down list, requiring the user to enter or select a username provides little added value.
- Customer requirement: The customer explicitly requests password-only login.
Limitations of Password Only Login
The main trade-off with a password-only login is security. Because a username is not required, a single value, the password, both identifies and authenticates the operator. While many systems use password-only authentication, this approach can be risky when applied to critical machinery or infrastructure. Whenever possible, it’s recommended to implement Multi-Factor Authentication (MFA) to better protect the system from unauthorized access.
Another consideration is complexity. Since password-only login is not a built-in feature, it must be implemented through custom steps and programming practices. These should be well documented and clearly understood to ensure that future updates or maintenance do not disrupt the login process.
Password Only Login on Weintek HMIs
Create Users
Step 1: Within the “Home” tab select “System Parameters.” Then select the “Security” tab and add usernames and passwords. The “Class” will later determine what objects a user can access; the class settings may be specified next to the user account. Click “Ok” when finished.
User Login
Step 2: Double-click the “Common Window” within the Windows Tree.
Step 3: Within the “Object” tab, select the “Action Trigger (Per-page)” object.
Step 4: We will use “Action Trigger (Per-page)” objects to validate user “passwords”. Within the “New Action Trigger (Per-page)” object, select “Value changed” from the “Mode” drop-down list.
Step 5: Within the “Address” drop-down list select PLW.
Step 6: Specify an unused register and select the “add tag” button on the right-hand side. Enter the desired tag name and click “Ok” to create this tag.
Note: Later, we will use this address to enter user passwords.
Step 7: Use the “Condition” to define the password of the first user added in step 1.
Step 8: Under Triggered actions, we will use a “Set Word” action to enter both the username and password to log in. Select “Write constant string” within the “Style” drop-down list and enter the username that corresponds with the password defined within the “Condition”.
Step 9: Within the “Address” drop-down list, select the “User-defined tag” tab and click “UAC user name”.
Step 10: Select the “Settings” button to specify the character count. The “No. of word” for “UAC user name” and “UAC password” must be set to ‘8’ which allows a maximum of 16 characters to be set. Click “Ok” when finished.
Note: If the “No. of word” is not set to 8, the login may be unsuccessful or behave unexpectedly.
Step 11: Repeat steps 8-10 to set the “UAC password” with the password defined in step 1.
Note: The “Set Word” in this example should appear as below.
Step 12: Back under the Triggered actions, within “Action Group 2”, set a delay of 250ms.
Step 13: Within “Action Group 3” create a “Set Word” object to set the “login” command. Select “Write constant value” within the “Style” drop-down list and set a value of ‘1’. Within the “Address” drop-down list, select the “User-defined tag” tab and click “UAC command”.
Note: A command value of ‘1’ will request login, whereas a command value of ‘3’ will request logout.
Step 14: Click “Ok” when finished and place this object on the “common window”. Copy this object and modify each parameter for each additional user.
Note: I’ve defined 3 users in step 2 and have created 3 “Action Trigger (Per-page)” objects to login each user.
User Logout
Step 15: Within the “Object” tab, create a “Combo Button”. Within “Action Group 1” create a “Set Word” action.
Step 16: Select “Write constant value” within the “Style” drop-down list and set a value of ‘0’. Within the “Address” drop-down list, select the “User-defined tag” tab and click “User password”.
Step 17: Within “Action Group 2” set a delay of 250ms. Within “Action Group 3” create a “Set Word” action. Set a value of ‘3’ within the “UAC command” tag to log out the current user. Click “Ok” and place this object.
Protect Objects
Step 18: To secure an object, right-click an object or group of objects and select “Security settings”.
Step 19: Select the “Object class” drop-down list and choose the desired security clearance and define the object’s secured behavior.
Password Entry
Step 20: To create a password entry object, select the “Object” tab and click “Numeric”. Ensure that the “Read/Write” address is set to the “User password” tag defined in step 5 of the “User login” section.
Step 21: If the password is longer than 4 digits, increase the number of allowed digits within the “Format” tab. Click “Ok” to place this object.
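With this scheme the entered number alone selects the account, so the password table itself is worth checking before deployment. The Python audit below is an added example, not part of the original article or of EasyBuilder Pro. The user table is constructed sample data, and the script assumes the entry tag holds a number, so leading zeros do not distinguish two passwords.

```python
from collections import defaultdict

MAX_UAC_CHARS = 16   # "No. of word" = 8 gives at most 16 characters (step 10)
LOGOUT_RESET = 0     # value the logout button writes to the entry tag (step 16)

# Constructed sample table: (UAC user name, value used in the trigger Condition)
USERS = [
    ("operator", "1111"),
    ("maint", "4821"),
    ("admin", "04821"),   # same number as "maint" once read as a value
    ("vendor", "0"),
    ("commissioning-engineer", "73920"),
]

def audit(users, allowed_digits=4):
    """Return (findings, guess_odds) for a password-only user table."""
    findings, by_value = [], defaultdict(list)
    for name, pin in users:
        if len(name) > MAX_UAC_CHARS:
            findings.append(f"{name}: user name longer than {MAX_UAC_CHARS} characters")
        if not (pin.isascii() and pin.isdigit()):
            findings.append(f"{name}: password is not numeric")
            continue
        value = int(pin)                      # assumption: compared as a number
        by_value[value].append(name)
        if value == LOGOUT_RESET:
            findings.append(f"{name}: password equals the logout reset value")
        if len(str(value)) > allowed_digits:  # would need the Format change in step 21
            findings.append(f"{name}: needs more than {allowed_digits} digits")
    for value, names in by_value.items():
        if len(names) > 1:                    # two triggers would match one entry
            findings.append(f"{' and '.join(names)}: same value {value}")
    # No username is asked for, so one guess is tested against every account.
    reachable = [v for v in by_value if v < 10 ** allowed_digits]
    return findings, len(reachable) / 10 ** allowed_digits

if __name__ == "__main__":
    findings, odds = audit(USERS)
    for line in findings:
        print("FINDING:", line)
    print(f"chance that one random guess matches an account: {odds:.4%}")
```

The odds figure grows with every account added, which is the practical cost of dropping the username: each new password is one more value that a single guess can hit.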
For more detailed instructions, please refer to the Weintek Forum!
Best Practices for HMI Password Protection
As a best practice, it is recommended to implement the default login system provided by “Enhanced security”. In addition, use strong passwords:
- Use at least 8 characters.
- Include a mix of uppercase, lowercase, numeric, and special characters.
- Avoid dictionary words, repeating characters, or adjacent key patterns.
Key Takeaways:
- Supporting multiple protocols is essential for meeting strict application needs.
- The protocol chosen should always reflect the structure, processing speed, and feature requirements of the application.