
Fast Tip Friday: Best Practices for Managing Your Password in Sage ACT! #SageACT

by bwhalen_sage ‎03-23-2012 08:29 AM - edited ‎03-23-2012 08:55 AM (812 Views)


It’s always tricky to balance security and ease of use, but depending on the importance of the data, coupled with the risk of compromise, it’s worth evaluating how well you are securing your Sage ACT! data. Over the next few weeks, I’ll share some best practices regarding security, as well as resources you may use to troubleshoot some security-related issues such as a lost/forgotten Sage ACT! password. Let’s start with a few best practices for creating a strong password.

 

Protecting Your Data with Passwords

 

Security is best applied in layers, with measures at the edge of your network (firewalls, for example), within your network, and on each individual host computer. A fundamental means of securing the network and the data within it is the appropriate use of passwords. Username and password combinations form the backbone of network and data security because they force users to prove they are who they claim to be. Without usernames and passwords, anybody can access a network, or data on a given machine.

 

As for Sage ACT!, if you are not enforcing a password at the database level, then a person using your machine could open the program and have access to the data. In a web or shared database situation, others who have network access could launch Sage ACT! and log in to the shared database as another user, provided they can figure out a valid username. So, to protect data, Sage ACT! Administrators should enforce a password policy that encourages strong passwords. Typically a strong password:


  • Consists of mixed case, alphabetic, numeric, and ideally special character combinations.
  • Is at least 6-8 characters long.
  • Is not easy to guess if the person knows a little about you (birth date, spouse’s name, kids’ names, etc.).
  • Is not found in the dictionary.
  • Is not merely an increment of a previous password (ACT!2012, ACT!2013, ACT!2014, etc.).
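
The criteria above expressed as a check, as an added example that is not part of the original post and is not how Sage ACT! implements its Password Policy tool. The function names, the small constructed word list and the 8-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample data; a real check would load a full word list.
DICTIONARY = {"password", "welcome", "dragon", "sunshine"}
MIN_LENGTH = 8  # assumption: upper end of the 6-8 character minimum above


def _strip_counter(pw):
    """Drop a trailing run of digits so ACT!2012 and ACT!2013 compare equal."""
    return re.sub(r"\d+$", "", pw).lower()


def check_password(candidate, previous=(), personal=()):
    """Return the list of criteria the candidate fails (empty list = passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    # Mixed case, numeric and special characters must all be present.
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, candidate) for c in classes):
        problems.append("needs upper, lower, digit and special character")
    lowered = candidate.lower()
    # Personal details (names, birth dates) anywhere in the password.
    if any(p.lower() in lowered for p in personal if p):
        problems.append("contains personal information")
    # Dictionary word once the surrounding digits and symbols are removed.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if letters_only in DICTIONARY:
        problems.append("dictionary word")
    # Same stem as an earlier password with only the trailing number changed.
    stem = _strip_counter(candidate)
    if any(stem and stem == _strip_counter(old) for old in previous):
        problems.append("increment of a previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, one per failure mode plus one that passes.
    print(check_password("Act!2013", previous=["Act!2012"]))
    print(check_password("Password1!"))
    print(check_password("Susan#1975x", personal=["Susan", "1975"]))
    print(check_password("tR7#mq9!Lw"))
```

A password such as Password1! satisfies every character-class rule and still fails, which is why the dictionary and increment checks matter alongside complexity settings.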

 

Some additional considerations:


  • If you must write your password down, put it in a secure place, or better yet, simply write down a password hint rather than the actual password.
  • Do not store it on your computer in an unencrypted file. There are many password storage tools that will store all your passwords in an encrypted file/database. Examples include Password Safe and Access Manager.
  • In Sage ACT!, Administrators may use Tools > Password Policy to manage password settings such as complexity, and how frequently passwords should be changed. Please see the Help files for more information about this tool.
  • In Sage ACT!, if you have not shared your database, and it is a single user database, you may not be prompted to enter your password. Write it down (keeping in mind previously mentioned tips!), and store it in a secure location.
  • When upgrading a database to a new version, you will need the Administrator user name and password for the prior version database to successfully upgrade.
  • If you change your main Sage ACT! password periodically, you will also need to update passwords that may be stored by third party add-ons, and/or scheduled tasks in Sage ACT! Scheduler.

 

If you have other tips regarding best practices for password management, please share them in the comments! Next week I’ll give you a couple of resources for troubleshooting lost/forgotten passwords. In the meantime, evaluate the effectiveness of your passwords!

 

Comments
by
on ‎03-24-2012 07:12 AM

A couple of suggestions for enhancing this:

 

1. An Auth method in the SDK ... so that once a plugin has been granted access to an account or to the database, it can maintain the connection even if the user changes the password. Right now, the use of addons (even simple Sage ones like the Outlook address book) makes it far too complex to require regular password changes.

 

2. An additional Admin account (without requiring a license). This would allow sites to have administrative tasks (like maintenance, backup, sync, editing user accounts) controlled by IT or a Consultant without needing to have one of the users with admin access.

 

Regards,
Mike Lazarus
ACT! Evangelist
GL Computing, Australia
http://about.me/GLComputing
http://Blog.GLComputing.com.au
http://twitter.com/GLComputing

GL Computing Facebook Page - http://www.facebook.com/GLComputing
LinkedIN ACT! Fanatics Group - http://www.linkedin.com/groups/ACT-Fanatics-49896
