Michael Shaheen

ACTION REQUIRED: Password Strength Requirement Change

Blog Post created by Michael Shaheen Employee on Jul 31, 2020

Over the course of the next 4 weeks Sugar Integrate will be undertaking security enhancements that will benefit all users of the platform. A direct impact of these changes is that on or before these deadlines all user accounts must update their passwords to comply with our updated more strict password requirements. This requirement to update user passwords will have no current impact on using the Platform APIs or existing Authorization Header tokens, but if passwords are not reset by these deadlines then users will be locked out of the Sugar Integrate user interface until they reset their passwords with the assistance of the Support team.

 

Required Action:

All basic auth user passwords (e.g. User + Password, non-SSO users) must be updated to have Excellent UI passwords that comply with the following standards:

  • at least 10 characters
  • at least 3 of the following 4 types of characters:
    • a lower-case letter
    • an upper-case letter
    • a number
    • a special character (such as !@#$%^&*)
  • Not more than 2 identical characters in a row (such as 111 is not allowed)

 

How to Reset a Password in Sugar Integrate

Reset all non-Excellent user passwords either by logging into the Sugar Integrate UI to reset (Reference Link) or by performing a call to POST /authentication/passwords (Reference Link) with the users’ auth headers. The third method of resetting your password is by navigating to the reset password screen for the appropriate environment. Here are those links:

 

Note that users who already have Excellent passwords will not need to take any action. Note that users with weak passwords who do not update their passwords by the specified deadlines will be unable to login to the UI and will need to go through the “Forgot Password” flow to regain access to their account.

 

Deadlines:

Staging - August 14, 2020

Production - August 28, 2020

Outcomes