Irrespective of the technological expertise, one thing we all can relate to is the frustration and inconvenience of being forced to change the password. The timeline for password change varies between different systems, still, it’s one inevitable task that no one likes to complete – and NetSuite is no exception.
If you are also one frustrated soul, wondering how to change password in NetSuite, then you should keep reading.
In this blog, we will be briefly covering the steps for NetSuite change password, while also listing some best NetSuite login practices to follow in 2020.
NetSuite Change Password
If you have purchased the NetSuite account, you can visit the below URL to visit the NetSuite Login page.
Once you are on the page, you would be required to enter the email address and password.
As a security measure, you may be asked to change your password after the initial login (if it’s your first time logging into the account). The NetSuite change password after the first login is a security measure and should be taken seriously. Nonetheless, as a first-time login, you would be directed to a NetSuite change password page, where you would be required to submit the “current password” and “new password”.
The criteria of the “new password” would be determined by the administrator. For instance, you may be forced to select an alphanumeric password with at least one capital and one small letter, and so on. Nonetheless, the precise criteria of setting “new password” will be mentioned on the NetSuite change password page.
In case you are an administrator of the NetSuite account and wish to define/change the criteria of NetSuite Change Password, you can visit; Set Up > Company > General Preferences.
Alternatively, if you are looking for steps on how to change password in NetSuite while being logged into, you would require to click “Change Password” from the Setting Portlet.
In case you have forgotten your password, you would need to click “forgot your password”, from the Login page. In this case, you would need to submit your valid email address, where NetSuite will send a link that to change the password. After clicking the link, you will be required to fill out the “Security Questions” to be able to renew the password.
An important step of the query, “how to change NetSuite password” is filling the security questions. It’s important because the security questions will be used to retrieve passwords in case you forgot.
You will be required to keep your security questions at the time of the first Login. If you don’t wish to keep security questions immediately, you can click “Remind Me Later”. And while this is a valid option, it is recommended to complete this step immediately.
When keeping security questions, make sure these are rational, memorable, and easy to understand. As mentioned earlier, you would need to remember the security questions in case you forgot your password, or in case you are logging from a new device, or you have enabled double authentication.
If you wish to update security questions at any point in time, you can click “update Security Questions” from the Settings Portlet on your Dashboard.
In any case, where you don’t remember your password or security questions, the Administrator of your NetSuite account has the right to change the password through the employee record.
NetSuite Login Best Practices
Ok now that we are done with the NetSuite Password Change steps, let’s briefly check out some best NetSuite Login Practices to implement in 2020;
Enforce IP Restrictions
NetSuite allows the administrators to control the accessibility of the account through IP addresses. This means that even in case of login theft, the attacker won’t be able to access the NetSuite account using an unauthorized IP address. All-access requests from an unauthorized IP address will be blocked by the system automatically.
To enable the IP restrictions, the administrator would have to set the restriction by visiting; Setup > Company> Enable Features. Here, you will find a “Checkbox” under the “Access” header which you can check to enforce the IP restrictions.
Once you have checked the “Access” header, you will need to visit the Setup> Company> Company Information. Here, you will find the “Allowed IP Addresses” field below the “Time Zone”. Administrators can use this field to inform NetSuite about the authorized IP addresses, upon which all other IP addresses will be restricted for access.
Use Strict Password Settings
Another best practice to secure unauthorized access to your NetSuite account is to set strict password settings. Given the widespread cybersecurity concerns and the increasing stress of password policies, NetSuite enables administrators to set up preferred Password Criteria.
As a best practice, the administrators should enforce strict criteria including long password requirements with adequate complexity. For instance, users should be forced to create a longer password for the account, as well as, use alphanumeric codes with capital and small letters included. Remember, the more complex the password, the more secure your account.
Login Password Settings
Here are some best login password settings which can be enforced by administrators to minimize the risk of account breach in 2020;
- The length of the password is more important than the complexity. For instance, “D_%$Vck$” may seem to be a highly complex password to breach. However, in reality, it’s only hard for the user to breach, and easier for the computer to guess
- Don’t set frequent password expiry. While frequently changing the password seems a good measure to minimize breaching concern, changing the password too frequently would only make it harder for users to remember the password. This, in turn, would add to the responsibilities of administrators, who would be required to reset the password for users
- Complexity is still important. The key here is to not overdo it. As mentioned earlier, an overly complex password will only make it harder for the users to remember, resulting in frequent locking of accounts
Use Two-Factor Authentication
Two-factor authentication is the perfect backup plan to minimize the chances of a stolen NetSuite account. The Two-factor authentication process includes double verification of identity before you are able to login into the account. This dual account verification process may include a password, along with a verification code sent on mobile or email.
By setting up two-factor authentication, users can be sure that even in case the account password is hacked, the hacker won’t be able to login into the account without the other identity verification. NetSuite enables two-factor authentication settings on all “Highly Privileged” accounts by default, which represents privileged roles like “administrator” and other roles. This is important because any breach into account of these roles can be lethal for businesses.
Apart from the auto-setup of two-factor authentication for “Highly Privileged” roles, administrators also have the option to enable dual authentication on any user account which they may deem necessary.