Fast Tip Friday: Best Practices for Managing Your Password in Sage ACT! #SageACT
bybwhalen_sage03-23-201208:29 AM - edited 03-23-201208:55 AM
It’s always tricky to balance security and ease of use, but depending on the importance of the data, coupled with the risk of compromise, it’s worth evaluating how well you are securing your Sage ACT! data. Over the next few weeks, I’ll share some best practices regarding security, as well as resources you may use to troubleshoot some security related issues such as a lost/forgotten Sage ACT! password. Let’s start with a few best practices for creating a strong password.
Protecting Your Data with Passwords
Security is best applied in a layered approach, with security measures applied at the edge of your network (firewalls, for example), within your network, and at each individual host computer. A fundamental means of securing the network and data within, is through appropriate use of passwords. Username and password combinations form the backbone of network and data security because this combination of information forces network/data users to prove they are who they claim to be. Without usernames and passwords, anybody can access a network, or data on a given machine.
As for Sage ACT!, if you are not enforcing a password at the database level, then a person using your machine could open the program and have access to data. In a web or shared database situation, others that have network access, could launch Sage ACT! and log in to the shared database as another user providing he/she can figure out a valid username. So, to protect data, Sage ACT! Administrators should enforce a password policy that encourages strong passwords. Typically a strong password:
Consists of mixed case, alphabetic, numeric, and ideally special character combinations.
Is minimally between 6-8 characters.
Is not easy to guess if the person knows a little about you (birth date, spouse’s name, kid’s names, etc.).
Is not found in the dictionary.
Is not merely an increment of a previous password (ACT!2012, ACT!2013, ACT!2014, etc.).
Some additional considerations:
If you must write your password down, put it in a secure place, or better yet, simply write down a password hint rather than the actual password.
Do not store it on your computer in an un-encrypted file. There are many password storage tools that will store all your passwords in an encrypted file/database. Some examples include: Password Safe, or Access Manager.
In Sage ACT!, Administrators may use Tools > Password Policy to manage password settings such as complexity, and how frequently passwords should be changed. Please see the Help files for more information about this tool.
In Sage ACT!, if you have not shared your database, and it is a single user database, you may not be prompted to enter your password. Write it down (keeping in mind previously mentioned tips!), and store it in a secure location.
When upgrading a database to a new version, you will need the Administrator user name and password for the prior version database to successfully upgrade.
If you change your main Sage ACT! password periodically, you will also need to update passwords that may be stored by third party add-ons, and/or scheduled tasks in Sage ACT! Scheduler.
If you have other tips regarding best practices for password management, please share them in the comments! Next week I’ll give you a couple resources for troubleshooting lost/forgotten passwords. In the meantime, evaluate the effectiveness of your passwords!