Hey all,
I haven't seen anything in Epicor, or in searching this group regarding this so I'll ask the question:
Is there any way to set different rule requirements on Epicor User Account passwords? I'm thinking rules such as minimum number of characters, requiring mixed characters (lower/uppercase, numbers and symbols), not allowing the same password after a password expires, etc.
For our annual IT audit, the auditors are hounding me a bit on the security of our Epicor User Accounts, hence the need for this.
What have you all done to solve this problem? At this point we are using the built-in Epicor authentication; I'm planning on moving to SSO (single sign on) with our AD once we upgrade to Epicor 10 later this year—which would definitely take care of this issue.
But is SSO/AD the only way we have to ensure strict password requirements for Epicor User Accounts? I'd love to hear your feedback/experiences on this!
Thanks in advance,
Ben Ahlquist
Jose C Gomez
T: 904.469.1524 mobile
Quis custodiet ipsos custodes?
On Fri, Feb 13, 2015 at 1:03 PM, benahlquist@... [vantage] <vantage@yahoogroups.com> wrote:Â<div> <p></p><p><span>Hey all,</span></p><p><span><br></span></p><p><span>I haven't seen anything in Epicor, or in searching this group regarding this so I'll ask the question:</span></p><p><span><br></span></p><p>Is there any way to set different rule requirements on Epicor User Account passwords? I'm thinking rules such as minimum number of characters, requiring mixed characters (lower/uppercase, numbers and symbols), not allowing the same password after a password expires, etc.</p><p><br></p><p>For our annual IT audit, the auditors are hounding me a bit on the security of our Epicor User Accounts, hence the need for this.</p><p><br></p><p>What have you all done to solve this problem? At this point we are using the built-in Epicor authentication; I'm planning on moving to SSO (single sign on) with our AD once we upgrade to Epicor 10 later this year—which would definitely take care of this issue.</p><p><br></p><p>But is SSO/AD the only way we have to ensure strict password requirements for Epicor User Accounts? I'd love to hear your feedback/experiences on this!</p><p><br></p><p>Thanks in advance,</p><p>Ben Ahlquist</p><p></p> </div> <div style="color:#fff;min-height:0;"></div>
On Fri, Feb 13, 2015 at 1:25 PM, benahlquist@... [vantage] <vantage@yahoogroups.com> wrote:Â<div> <p>Thanks for the quick response Jose!</p><div><br></div><div>So do you tend to see folks go two basic routes?</div><div><br></div><div>1.) Use Epicor authentication and don't worry about strict password rules</div><div><br></div><div>2.) Use SSO and pass on the strict password responsibility to Active Directory</div><div><br></div><div>I'm just trying to gauge what the common practice is here.</div><div><br></div><div>Thanks,</div><div>ben</div><p></p> </div><span> <div style="color:#fff;min-height:0;"></div>