Because cyber threats are rampant on the Internet, it is important to be proactive about password management. Sugar is equipped with a number of password management capabilities that allow administrators to secure the use of their SugarCRM application. At the most basic level, Sugar allows administrators to set password requirements for stronger passwords. In addition, Sugar is also equipped with more advanced tools to help enforce stricter measures on the use of passwords. Here are some of the password management tools available for use in the SugarCRM application:

1. Password Requirements Panel

SugarCRM has a Password Requirements panel that lets administrators configure minimum and maximum lengths of passwords, as well as what characters are required in passwords. Filling in either the Minimum Length or the Maximum Length forces users to have passwords that strictly abide by the set character limit. Additionally, administrators can also force character requirements on users' passwords. They can specify whether users should include upper case letters, lower case letters, numbers, or special characters in their passwords.

2. System-Generated Passwords

Once this feature is enabled, administrators can automatically generate random passwords for newly created users. The password is sent via email. The System-Generated Passwords feature is also used whenever a user opts to click the Reset Password button in his or her profile.

3. CAPTCHA Validation

As an additional precaution, administrators are advised to enable the CAPTCHA validation feature to prevent automated programs and spam users from gaining unauthorized access to user accounts. When this feature is enabled and a user attempts to use the Forgot Password feature, they will have to complete a CAPTCHA in addition to providing their user name and primary email address.

Here are the steps to enable the CAPTCHA for the Forgot Password menu:

• Create an account with reCAPTCHA from the reCAPTCHA website at http://recaptcha.net/
• After creating an account, save your Public Key and Private Key, which will be entered into Sugar
• In Sugar, navigate to Password Management and the "User Reset Password" panel
• Click the checkbox to Enable reCAPTCHA Validations
• Enter the Public Key and Private Key in the fields provided

4. Login Lockout

In order to prevent unauthorized logins, Sugar also includes a configurable lockout function. This means administrators can define a specific number of unsuccessful login attempts a user can make before the system disallows any further logins. Administrators can configure a given amount of time before the restriction is lifted. This can be in minutes, hours, or days.

To configure Login Lockout, click the radio button next to "Lockout users after _ un-successful login attempts", fill in the number of attempts, and define the timeframe.

Keep in mind that when a user has been locked out, the user must wait until the set timeframe has passed. The only way to manually allow a user to log back in is by clicking the Reset User Preferences button found in the user's profile.

Security is important no matter what system you are using. But keep in mind that when you are using SugarCRM you hold a lot of valuable information in one place, so you want to make sure your security and passwords are up to date. If you have any questions on how to keep your CRM safe, contact us; our team can help you protect your data!
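The Login Lockout behavior from section 4, as an added Python model that is not SugarCRM's own code: it shows how an attempt threshold, a timeframe in minutes, hours, or days, and a manual administrator reset interact. The class and method names are hypothetical, and two behaviors are assumptions rather than documented Sugar behavior: a successful login resets the failure counter, and attempts made while locked out do not extend the lockout.

```python
from datetime import datetime, timedelta

# Units offered by the lockout timeframe setting described in section 4.
UNITS = {"minutes": timedelta(minutes=1), "hours": timedelta(hours=1), "days": timedelta(days=1)}

class LockoutPolicy:
    """Hypothetical model of 'lock out users after N unsuccessful login attempts'."""

    def __init__(self, max_attempts, duration, unit):
        if max_attempts < 1 or duration < 1:
            raise ValueError("attempts and duration must be positive")
        self.max_attempts = max_attempts
        self.lock_for = duration * UNITS[unit]
        self.failures = {}      # user -> consecutive failed attempts
        self.locked_until = {}  # user -> time at which the restriction is lifted

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        if until is not None and now >= until:
            # Timeframe has passed: lift the restriction and start counting afresh.
            del self.locked_until[user]
            self.failures.pop(user, None)
            return False
        return until is not None

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        if self.is_locked(user, now):
            # Assumption: a correct password is still refused while locked,
            # and attempts made during the lockout do not extend it.
            return "locked"
        if password_ok:
            self.failures.pop(user, None)  # assumption: success resets the counter
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_attempts:
            # The attempt that reaches the threshold starts the lockout.
            self.locked_until[user] = now + self.lock_for
            return "locked"
        return "failed"

    def admin_reset(self, user):
        """Manual unlock, modelled on the administrator reset step in section 4."""
        self.failures.pop(user, None)
        self.locked_until.pop(user, None)

if __name__ == "__main__":
    p, t0 = LockoutPolicy(3, 15, "minutes"), datetime(2024, 1, 1, 9, 0)  # constructed values
    print([p.attempt("alice", False, t0) for _ in range(3)], p.attempt("alice", True, t0))
```

The point to check when choosing values is that a locked-out user is refused even with the correct password, so the threshold and timeframe together set how long a mistyping user, or a user being targeted by guessing, stays out before an administrator has to step in.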