User Password Security Enhancement

By | November 29, 2019

As we all know Sage CRM, provides security for passwords as it uses to encrypt and decrypt processes while retrieving data from the database and display on the form. And another way we can use bcrypt algorithm method for user passwords with high security which generate hashes for user passwords.

New Stuff: Enabling workflow on custom tabs

In Sage CRM 2019 R1 has this feature, and by default this is enabled as Yes to change this configuration follow the below steps in CRM.

  1. Log in to Sage CRM.
  2. Navigate to below path.
  3. Administration | Users | User Configuration.
  4. Refer below screenshot to modify the settings.
  5. Save the screen.
User Configuration
User Configuration

When Use Dynamic Password Hash Cost is set to.

  • Yes, it enables optimum password hash strength based on the Sage CRM server hardware capabilities. Provides increased security but consumes more system resources because it increases the number of hashing rounds used to generate a password hash.
  • No (not recommended). Disables optimum password hash strength. Provides weaker security (less hashing rounds) but frees up system resources. System administrators might want to set this value to speed up the system performance. For example, when there is a significant number of simultaneous Sage CRM user logons.

Encrypting data is a two-way mechanism and works well in systems where you need to retrieve data and display it in its original form.

Hashing in Sage CRM 2019 R1 uses the bcrypt algorithm to convert passwords into a unique string. The important thing about hashing is that this is a one-way method.

So when we check a password in Sage CRM, the password is not ‘decrypted’ and compared with the plain text example. Instead to compare a password, when a user logins on, the same bcrypt hashing operation is performed on the password the user has entered and then this is compared with the previously hashed version stored in the database. If they’re identical, the password is verified.

bcrypt hashing function adds a “salt” to the password. In cryptography, a salt is random data that is used as an additional input to a one-way function that “hashes” data. The bcrypt algorithm is applied only when a user password is changed. This means that existing user passwords are not re-hashed using bcrypt after upgrading Sage CRM.

User Login
User Login

Therefore you may wish to consider forcing users to change password at next login after an upgrade. This can be done by running a simple script within the database.

update users
set User_MustChangePassword = ‘True’

About Us

Greytrix – a globally recognized and one of the oldest Sage Development Partner is a one-stop solution provider for Sage ERP and Sage CRM organizational needs. Being acknowledged and rewarded for multi-man years of experience and expertise, we bring complete end-to-end assistance for your technical consultations, product customizations, data migration, system integrations, third party add-on development and implementation competence.

Greytrix has some unique integration solutions developed for Sage CRM with Sage ERPs namely Sage X3Sage IntacctSage 100Sage 500 and Sage 300. We also offer best-in-class Sage ERP and Sage CRM customization and development services to Business Partners, End Users and Sage PSG worldwide. Greytrix helps in migration of Sage CRM from Salesforce | ACT! | SalesLogix | Goldmine | Sugar CRM | Maximizer. Our Sage CRM Product Suite includes addons like  Greytrix Business ManagerSage CRM Project ManagerSage CRM Resource PlannerSage CRM Contract ManagerSage CRM Event ManagerSage CRM Budget PlannerGmail IntegrationSage CRM Mobile Service Signature and Sage CRM CTI Framework. Greytrix is a recognized Sage Champion Partner for GUMU™ Sage X3 – Sage CRM integration also listed on Sage Marketplace.

For more information on our integration solutions, please contact us at sage@greytrix.com. We will be glad to assist you.

Greytrix a globally recognized Premier Sage Gold Development Partner is a one stop solution provider for Sage ERP and Sage CRM needs. Being recognized and rewarded for multi-man years of experience, we bring complete end-to-end assistance for your technical consultations, product customizations, data migration, system integrations, third party add-on development and implementation expertise.