Select Page
Getting QWERTY with Password Management

Getting QWERTY with Password Management

Before the Time Runs Out!








Common Password Management Security Mistakes

qwerty, password, 12345, iloveyou, 111111, 54321

An average individual comes into daily contact with a variety of personal apps, websites, remote connections and enterprise applications. And this concoction of connections brings with it a variety of access and authentication requirements. Successfully navigating the gauntlet of our digital world, especially when going public, private, or hybrid cloud, without exposing yourself to significant security risks can be a challenge. In practice, the vulnerabilities are pronounced. A quick look at the most common passwords of 2018 is concerning: 123456, password, 123456789, 12345, 111111, 1234567, sunshine, qwerty, iloveyou.

Access management has become the norm

The challenges of managing one’s passwords are complicated by the differing requirements of different platforms—password conventions, expiration cycles and authentication methods make the task of organizing one’s suite of credentials daunting. One cans see how these challenges lead people to simplify their passwords, sacrificing security for simplicity.



Password proliferation has become the norm. With every new app, website and device that we commandeer, there’s new access information created. Moreover, many of these systems require a periodic reset. Keeping track of all of these passcodes can be likened to taking a mnemonic census of an anthill.

Archimedes once said that if only he had a solid rock on which to stand, he would move the earth.

If you assume that your passwords are a firm footing, prepare to have your assumptions rocked. It is believed that up to 80% of common hacking activities are due to compromised credentials, mostly in the form of stolen usernames and passwords. Worse still, IT Managers report 73% of all passwords used are duplicated in multiple applications. When people use the same password for multiple systems, having one password exposed may compromise the whole network of applications. Luckily, password management doesn’t mean you have to buy a walk-in safe to store your password diaries. To keep it simple, here are a few tips to memorize as a starting point for improved password management:

  • Never use the same password twice
  • Never write down your passwords
  • Never share your passwords with anyone else
  • Never use real words or known information about yourself in your passwords
  • Avoid commonly used passwords

The last bullet is especially salient—50% of all attacks involve the top 25 most used passwords, proving there are risks involved in “getting qwerty” with your password management procedures.

Need a more sophisticated password management plan?


Let’s talk password management solutions and multi-factor authentication, two great ways to prevent getting hacked.

  • Password Manager: A password manager solution, such as SolarWinds’s PassPortal, allows you to store all of your passwords in one place. This makes managing and remembering all of them much easier. Make sure your password manager solution is itself password protected, preferably with multi-factor authentication.
  • Multi-factor authentication: Multi-factor authentication is the use of additional forms of authentication in conjunction with a traditional password. This most often takes the form of a shared key, sent to a separate device, or calculated through a common authentication application. This makes it difficult for a compromised password to compromise the application. Enable multi-factor authentication wherever possible, but make sure your secondary authentication source is equally secured with a strong password—failure to do so is like having a biplane write your shared key in the sky.



Random password generators can also help create passwords, but the results are often long random jumbles of characters and quite difficult to remember. Unless you can recite the longest word in the world from memory, you might want to use these password management tools in conjunction with a password management solution. If you’re a business owner trusting dozens or hundreds or thousands of employees with sensitive information, then a managed IT solution that includes password management will definitely be the safest way to interact with the millions of letters, numbers and characters that are involved in the multitude of passwords that access the data of your systems.



Epicor BAQ: Returning Too Much of a Good Thing

Epicor BAQ: Returning Too Much of a Good Thing

Epicor BAQ

The Epicor BAQ (Business Activity Query) toolset allows you to leverage the mounds of data that your system generates. But the problem with mounds of data is its volume—when we say mounds, we mean… mounds. As such, Epicor has built in a feature to its BAQ designer to limit the number of rows returned.


This feature prevents a “runaway query” from tanking a company’s performance. This functionality was especially helpful when I first delved into queries, as it prevented me from needlessly tanking my environment. Looking back at some of my early queries, they certainly were tank-worthy.


But for experienced Epicor users working with large datasets, this limitation can be… well, limiting. When a query generates a dataset that is more than 10,000 rows, the following warning message displays:


Severity: Warning, Table: , Field: , RowID: , Text: Test results are forcibly limited to 10000 rows to prevent the application server memory overload:


Activity Query Epicor BAQ


This can be immensely frustrating to Epicor super-users, for there are cases when the entire dataset needs to be returned, to gauge the efficacy of a given BAQ. In the past, the workaround to this limitation was to embed the BAQ in a dashboard, as the 10K row limitation disappeared when the BAQ was part of a dashboard.


But such an additional step seemed like an unnecessary contrivance—scaling the fire escape when all you needed was a step ladder.


Fortunately, Epicor modified the BAQ designer to allow the person creating the BAQ to modify the Execution setting that limited the number of returned rows. The steps to make this possible are below.


From the Actions menu, select “Execution Settings”:


Activity Query BAQ Execution


Click the new icon to create the new execution setting.


This creates a new execution setting that needs to be defined. Then you can perform the following additional steps:

  • For the “Setting Name” select “RemoveTestRowLimit”
  • Set the Setting Value to “True”
  • Check “Persist In Query”
  • Click OK:
BAQ Query Test Execution


Thereafter, the BAQ will return all the available rows:


Epicor Activity Query Designer


The execution setting needs to be defined for each query for which you wish to return more than the default number of rows. Make sure to save the query after the execution setting has been defined.


Ready for a quintessential query?


Successfully navigating the Epicor application is rarely a matter of taking one great leap forward. More often than not, it is a series of small, incremental steps. With Epicor BAQ, your goal is to take your data and turn it into information—without getting lost in the volume.



To learn more about Epicor management and administration, please watch our video on cloud ERP by clicking here.

Part Master Best Practices? Ask Brad

Part Master Best Practices? Ask Brad

Part Master Questions

Epicor Part Master Q&A

Q: What are some of the first things that someone should consider when setting up parts in Epicor?


A: We could have a long, harrowing conversation about part naming conventions, but arguments over part naming philosophies have ruined more friendships than heated discussions over the latest Star Wars movies—so I’m going to leave that one alone. In terms of Epicor part master setup, probably the first and most important consideration is the Non-Stock checkbox. The Non-Stock Flag is one of those “big-little” checkboxes that drive a ton of downstream behavior. This one flag will affect how a part will be handled on a sales order, a purchase order, and a job, whether as the top-level assembly or as a component material, and basically determines whether the related transaction will be processed through the system’s inventory module or processed directly in a “to-order” manner. This flag is fundamental for companies looking to operate in mixed-mode manufacturing. Most companies, even companies working in highly-engineered environments, rarely intend to manufacture all components “to-order.” Often there are economies of scale to consider, and components can be used on a broad array of higher-level assemblies. As such, some parts will be handled in a “to-order” manner, while others will follow a traditional inventory-based approach. For that reason, we have to place special consideration on the setting of the Non-Stock flag.



Q: Phantom BOMs are a topic of disagreement—do you have any recommendations on the use of Phantoms?


A: In general, a phantom is a part that carries a method of manufacture, but is not itself manufactured discretely. Rather, the part “explodes” when it belongs in a work order—the top level part disappears and is replaced by its components. Phantoms really are system-specific, for the rules for handling phantoms differ by ERP system. Within Epicor, a few general rules could be suggested when deciding if a part will be flagged Phantom BOM. Firstly, if a part is stocked, it should not and cannot be flagged Phantom BOM, as it is assumed that a phantom part not be stocked. Also, if a part is made independently from its parent, in a different place and at a different time, it should not be flagged Phantom BOM—it should be either a material or a subassembly, so its manufacture can be managed independently from its parent. When component parts are made at the same time and place as their parents, I’ve seen customers use phantoms to manage the components, to simplify production, while retaining the basic product structure defined by engineering.



Q: More specific to Epicor, the Pull-as-Assembly flag is a source of confusion and disagreement—do you have any recommendations on the use of the Pull-as-Assembly flag?


A: A Method-of-Manufacturing defined for a Part Revision can differ significantly when you pull the revision into a Job and get details. These differences are largely due to the Pull-as-Assembly flag. This flag essentially defines whether a component part will be manufactured independently from its parent part, or as part of the same Job as its parent, as a subassembly. One can suggest a few principles when choosing to flag a part as Pull-as-Assembly. If the part is stocked, do not flag the part Pull-as-Assembly, as you will be supplying the material from your on-hand inventory. If the component part in question is Non-Stock, and the intent is to supply the materials through a separate Job, uncheck the Pull-As-Assembly flag. But if you wish to supply the Non-Stock part with a subassembly, allow the Pull-as-Assembly flag to remain checked.



Q: Can you explain how the settings on the part master flow through to a bill of materials and ultimately to a work order?


A: It’s easier to explain this with a visual…


Part Master Flow

Please fill out the form below to get a white paper on Epicor Part Setup and Best Practices sent right to your inbox!

Get an Epicor ERP Part Setup & Manufacturing Best Practices Whitepaper Today

IT Services in a 1 + 1: 4 Signs You Need Managed IT

IT Services in a 1 + 1: 4 Signs You Need Managed IT

The word “outsourced” makes some business owners curious and others nervous when it comes to IT services. “MSP” is another term floating around, and you might also come across “IT-in-a-Box” when you go looking for help with your systems. Managed IT (our favorite code phrase) can mean a lot of things. If you’re a manufacturing or distribution company, then IT services might mean, among other things, industry-specific Cloud or Hosting platforms.

IT Services

When Nobody Sees the IT Stop Signs


When it comes to your ERP and IT systems, you need effective stop signs that work both internally and externally. Your cybersecurity infrastructure can keep your team safe and productive while also keeping the bad guys out. Cybercrime is a 1 + 1 relationship. If you didn’t have a team to be hacked, then you wouldn’t ever need to worry about adding a hacker to your network. 

  • Stop Sign 1: Your company’s IT services need to ensure that your employees are traveling through safe pathways and that they know when to stop before falling into the webs of ransomware or other destructive malware.
  • Stop Sign 2: Your team’s mobile devices, laptops and desktops all make friends on a daily basis. This is essential for business growth. Because of this, IT services ideally provide a clear STOP sign for potential trespassers—a bold indication that cyber tricksters will not be tolerated, even on the fringes, and will not be unknowingly welcomed in by your team.  

A Wanted Man or a Wanted Spam?


But how do you know if your system has a “Most Wanted” sign that’s attracting criminals rather than telling them you already know they’re the lawbreakers? When it comes to business, you’re continually building relationships, and hopefully these become lifelong friendships. You trust your most valuable data to your IT talent. When it comes to managed IT services, business owners and other decision-makers might squint at the cyber lineup and not know whom or when to choose.  Here are 4 signs your staff would benefit from a partnership with a managed IT and cybersecurity firm:

  • High-value IT projects, best done internally, are distracting your key players or forcing them to work long hours.
  • IT operations are unpredictable or unreliable, causing project or system failures, yet you don’t want to grow or change your employee pool.
  • IT costs are variable or steep, and you’d like a more predictable budget.
  • Security and compliance issues are overwhelming your team.


Every second of the day you rely on experts to protect you. The meteorologists warn you of bad weather. The firefighters alert you when it’s a fire risk to roast a s’more. The doctors warn you of heart attack predisposition. In regard to IT, the challenges you face include ransomware that could destroy the business you’ve worked so hard to build. This holds true whether you’re a DoD manufacturer, a medical clinic, an accounting firm, a lollipop distributor, a small-town bank… the list goes on. Because the hackers are always available to friend you, you’re always risking adding them to your inner circle, making your 1 + 1 relationship one of IT enemies, rather than friends. A 1 (your team) + 1 (EstesGroup Managed IT services team) relationship will keep your IT math simple, your budget profitable, and your company safe.


Are you looking to add a friendly IT expert to your network? Is your IT department working overtime to keep up with security, compliance, updates, backups or other system projects on your company table? Chat with us today!

Epicor Engineer-to-Order at Your Service

Epicor Engineer-to-Order at Your Service

The Role of Order Entry in ETO and CTO Environments

Epicor Engineer-to-Order environments are their own special breed. Based on an almost infinite notion of product variability, their business models are hard to shoehorn into an ERP system. I once had a job shop employee describe his product variability with ultimate pliancy: “If they want us to wrap it in toilet paper, we’ll wrap it in toilet paper.” That would be a costly proposition these days. In light of this, I often get requests from my customers for “best practices” in handling various Epicor ETO environments.

Epicor Engineer-To-Order

The If-Then-This-That of E10

When it comes to questions regarding Epicor Engineer-to-Order, I always preface my answers with a de facto “it depends” before diving deeper into all the variables at play. Best practice for one company might not be the same for another. Ironically enough, it is almost as if I need to configure an answer for my customer, and discussions tend to take on the following format: “If this and that and/or this or that, then do this…”


One such question came to me recently from an Epicor customer, with regard to the role of Order Entry/Customer Service employees in an Engineer-to-Order organization. The company was debating the benefits and liabilities of having their inside sales staff perform rudimentary engineering activities as part of the entry of a sales order. In such companies, product details tend to arrive comparatively late in the quote-to-cash cycle, and the folks responsible for pounding in the orders often find themselves as the purveyors of this information, as received from the customer. These changes often require tweaks to manufacturing methods for a given product, and companies struggle in determining who should own these changes.


The In-the-Know of ETO

Who do you know on your team who could best own these changes? As I’ve noted above, “It depends.” But what does it depend on? I can think of a few of the variables that you would consider when deciding whether Order Entry should handle Engineering tasks:

  • Technical efficacy and product knowledge of the Order Entry team: The higher the efficacy, the more liberties you can give someone to alter MOMs when quoting. In some environments, where the estimators are highly technical, Engineering is strictly focused on new product development, and Sales owns what is sometimes called “project engineering.” In other environments, this role is staffed by folks in the engineering department.
  • Complexity of the product: The higher the complexity, the less you’d want Order Entry muddling with the engineering of the product. In low-complexity job shops, I’ve seen order entry or customer service staff handle the engineering implications of order changes.
  • The implementation of Epicor: There are a number of ways in Epicor to get from a Quote to a Job, and few companies in the CTO/ETO world do it exactly the same. Depending on the overall architecture, the MOMs in question might be modified through the quote module, the part master, or in the jobs themselves. This architecture will affect the processes needed to make changes: do you need to modify MOMs through the quote, or will you perform modifications to the Part Revision through the engineering workbench? Quote MOMs are much more apt to be modified by sales staff than are part master records.

In general, I have found that in most environments, Order Entry is focused on specifying product characteristics, features and options and that Engineering is responsible for defining the engineered product to satisfy these requirements. I often recommend that Engineering be the party responsible for what we normally understand to be the engineering function.

This model works well as companies sufficiently standardize their product offerings to support Epicor Configure-to-Order business models, as the delineation between features and options vs. product design are more pronounced in these environments. But there are certainly cases in which the composition of the entire sales staff, the nature of the product, and the system architecture determines that Sales is the optimal department to make these changes.


Are you a company in an Epicor Engineer-to-Order or Configure-to-Order environment? For help with your Epicor implementation or upgrade, please reach out to our team.