This is why we’re moving to the Azure AD capability of Epicor, which does have notifications and self-service reset.
1 Like
The newest NIST recommendation, Re: Password Expiry, is finally arriving at what everyone knew … ‘It is far safer to have complex and memorized passwords and not have expiry than to have expiry and essentially force people to choose simple and lower complexity passwords for survival.’ ( NIST SP 800-63 Digital Identity Guidelines-FAQ )
I also wanted to mention that there is a new recorded webinar on DMT by Gary Parfrey, one of the authors, at on the EUG : Data Migration and Management Concepts. ( https://www.epicorusers.org/viewwebinar/2019-03-27-data-migration-and-man ). Check it out!
6 Likes
Now if the industry can outlaw knowledge based password resets we may make progress.
Azure Ad or similar are a wonderful approach. The AI system behind Azure Ad is quite good.
1 Like
So my last 5 password changes didn’t help with security? I was certain these would be uncrackable…
Pa$$w0rd
Pa$$w0rd1
Pa$$w0rd2
Pa$$w0rd3
Pa$$w0rd4
Also, from the link…
Q-B6: Are password composition rules no longer recommended?
A-B6: SP 800-63B Section 5.1.1.2 paragraph 9 recommends against the use of composition rules (e.g., requiring lower-case, upper-case, digits, and/or special characters) for memorized secrets. These rules provide less benefit than might be expected because users tend to use predictable methods for satisfying these requirements when imposed (e.g., appending a ! to a memorized secret when required to use a special character).
Nothing beats LONG passphrases. I usually use three words and a date or number that are related but known only to me. A persons names, their favorite food, their pets name, birthdate or anniversary, etc.
It drives me nuts when sites limit me to 8 or 12 digits. My passwords usually go to upper 20s to mid 30s. A brute force will usually be survived with that many digits until a recycle of passwords is required.
2 Likes
So do you use a password service or something then? Certain applications require that password every time you use it. If I were to use a password that long I would have carpal tunnel by the end of the day! Haha.
I do use 1Password more and more. If it’s good enough for Troy Hunt… 
And typing the phrases as a sentence is not near as bad as trying to deal with L33T spe@ak tYp1ng goofiness folks running sites seem to encourage.
1 Like
I use LastPass and love it
5 Likes
Coincidentally, I just received a request to pull some old V6 methods in E10.
Bill of Operations test of single row sits at 0% for several minutes
- finally receive this error: “Column ‘CreatedOn’ does not belong to PartRev”.
Now I’m wondering if this is a version issue too - DMT 4.0.400 with E10 10.1.400
I’m (pretty) sure I successfully used all the same templates/processing steps with previous DMT versions.
I found that I had to go back to Version 4.0.35 for bills of operations -
When I set it for 4.0.41 the estimated time was 21 days, 4.0.35 was 2 hours
I have gone to the point of having a folder for each version next to my Client folder so it is easy to swap in the correct version.
It would be nice if Epicor included revision history with the DMT downloads like the updates for the product do …
The DMT folder only shows …
And the zip files those links point to only have…
1 Like
Confirmed version bug.
- Found a workstations with DMT version 4.0.38.0 running… no errors there
- before finding this out, had already opened a case with Epicor … to continue.
1 Like
I rolled back to a previous version and use it only for the templates that are failing on the current version.
I second that
1 Like
Epicor sent a zip file of DMT version 4.0.33.0 to use with E10 10.1.400
I opened a ticket as well for buggy DMT 4.0.41.2 - I too was able to revert to 4.0.39.0 and things worked again.
I think the most frustrating part about DMT is that there are no release notes. I have no idea the scope of what I’m getting into when I upgrade it.
1 Like
Have you tried just clicking on the check for updates having the update dialog popup and clicking cancel if you don’t want to update? 
By the way there is a new version as of the 08/04/2019…Might also be worth mentioning that you can setup alerts on the downloads page to tell you when things change for DMT.
3rd … for years, fantastic product!
You’re correct! I had not seen that. But as you can see, things don’t always work as advertised. 
Still, it would be nice to see this like everything else, in a separate doc.
We’ve had firewall issues in the past that stopped us from accessing this. We are not using 10.2.300, but I do have a demo environment spun up. I only have .40 as the oldest for 10.2.300. I’ll test it and see.
Cheers