Our company underwent a financial software audit and the auditors replied with a couple of security concerns. We currently have Sage 300 on our network and use Windows Authentication. Network passwords are changed every 90 days and must abide by the latest password complexity rules (i.e., minimum password length, uppercase, lowercase, numbers, special characters, etc.). Network users are also assigned security rights to the Sage folders.

The auditors suggested that, as another level of security, the software generate an access code to be sent to the user's e-mail or cell phone, to then be entered before the user can access company data. I have only seen this approach used with encrypted e-mails, but not for network applications. I guess you can never have enough layers of protection, but just wanted to put it out there for consideration.

Comments

  • The Sage300 webscreens need Windows auth, LDAP, SAML2, etc. as well. Currently (2020) webscreens only support username + password. This limitation is halting uptake for some of our clients.

  • This original idea was logged over a year ago as at June 2020.