Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revisionLast revisionBoth sides next revision | ||
public:passwd_change [2020-04-14 13:40] – vesely | public:passwd_change [2023-04-21 12:46] – [How to change your CERGE-EI accounts passwords] marp | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== How to change your CERGE-EI | + | ====== How to change your CERGE-EI |
- | Not all accounts at CERGE-EI | + | Because of security measure, |
- | There is a different | + | As a result, there are |
+ | < | ||
- | * Your **domain account | + | * **Domain Account |
- | * Your **Zimbra | + | * **Zimbra |
- | * Your **Zimbra | + | * **Zimbra |
+ | ===== Reset Password Guidelines ===== | ||
- | ===== Password management (change) ===== | + | ==== for Domain account [D] ==== |
- | ==== Domain account [D] ==== | + | {{: |
//Username is usualy in the format **nsurname** | //Username is usualy in the format **nsurname** | ||
- | * **Option A: Windows login page**< | + | === Change password |
- | * **Option B: Password Self-Service Portal ** (experimental)< | + | |
- | * You can find out your username at the self-service portal → click // | + | |
+ | There are two basic ways how you can change your domain account password: | ||
+ | |||
+ | * the first way: **Windows login page**< | ||
+ | |||
+ | </ | ||
+ | |||
+ | * the second way: **Password Self-Service Portal **<WRAP round center tip 100%> Go to the address **[[https:// | ||
+ | |||
+ | </ | ||
+ | |||
+ | === Reset password === | ||
+ | |||
+ | <WRAP round center important 100%>You can also **reset forgotten password** | ||
+ | |||
+ | </ | ||
See [[: | See [[: | ||
- | ==== Email Password | + | ==== Email Accounts Passwords |
- | === Zimbra email Exchange [X] === | + | {{: |
- | <font inherit/ | + | === for Zimbra email Exchange [X] === |
- | Use [[https:// | + | {{:public:pasted:20230214-163743.png}} |
- | === Zimbra | + | There are two basic ways how you can change your Zimbra |
- | <font inherit/inherit;;# | + | * the first way: Access [[https:// |
- | <WRAP round center tip 100%>Go to the address [[https:// | + | * |
- | You can also **reset forgotten password** | + | the second way: Use [[https:// |
- | <font inherit/ | + | You can also **reset forgotten password** at the PWMX Portal if necessary |
- | === Kerio Mailserver [K] === | + | User name is in short format (e.g. **jnovak**). |
- | Use Kerio webmail | + | **Important!** |
- | ===== FACTS / HINTS ===== | + | === for Zimbra Archive [A] === |
- | * **One account for all services** | + | {{: |
- | * You can have an **independent password for email** | + | |
- | - coordinate accounts separation with the IT office in advance (older accounts are still synced between email and domain) | + | [[https:// |
- | * **Do not change the email password via Zimbra webmail** | + | User name is in short format |
- | | + | |
- | | + | |
- | * **Passwords must meet complexity requirements**< | + | |
- | <font 11.0pt/ | + | |
- | * Passwords must not contain | + | You can also **reset forgotten password** |
- | * Passwords must contain characters from the following four categories: uppercase characters, lowercase characters, digits, other characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>, | + | **Important!** You need to have ** mobile phone number registered at the portal** |
- | * Must be at least 9 characters long.</ | + | </ |
+ | |||
+ | ---- | ||
- | * **Passwords remembered by email clients can <font inherit/ | ||
- | * Account is temporarily** locked after several unsuccessful logon attempts** | ||
- | * **Email clients** | ||
- | * **<font inherit/ | ||
- | * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance. | ||
- | * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**. | ||
- | * **What to do, if you find out that your AD account or mailbox is locked?** | ||
- | * **Try to find the reason.** | ||
- | * **Stop or power off any possible source of wrong passwords**, | ||
- | * **Wait a required ****time****period** | ||
- | * **Check/ | ||
- | * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | ||
===== MORE DETAILED INFORMATION ===== | ===== MORE DETAILED INFORMATION ===== | ||
- | **Locking the account and mailbox** \\ \\ | + | ==== Locking the account and mailbox |
Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ | Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ | ||
There are three significant parameters of this feature: | There are three significant parameters of this feature: | ||
Line 90: | Line 91: | ||
Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | ||
- | __**Threshold parameters - Active Directory**__ \\ \\ | + | ==== Threshold parameters - Active Directory |
The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ | The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ | ||
Account lockout duration: **3 minutes** \\ | Account lockout duration: **3 minutes** \\ | ||
Account lockout threshold: **7 invalid logon attempts** \\ | Account lockout threshold: **7 invalid logon attempts** \\ | ||
- | Account lockout counter reset: **after 3 minutes** | + | Account lockout counter reset: **after 3 minutes** |
+ | |||
+ | ==== Threshold parameters - Zimbra mailer | ||
Number of consecutive failed logons allowed: **10** \\ | Number of consecutive failed logons allowed: **10** \\ | ||
Time to lockout the account: **30 minutes** \\ | Time to lockout the account: **30 minutes** \\ | ||
Line 100: | Line 105: | ||
Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. | Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. | ||
+ | ===== FACTS / HINTS ===== | ||
+ | |||
+ | * **One account for all services** | ||
+ | * Usually you have an **independent password for Email Server Zimbra** | ||
+ | * < | ||
+ | * Passwords **must not contain the user's name or username** | ||
+ | * Passwords **must contain characters from the following four categories**: | ||
+ | * uppercase characters, | ||
+ | * lowercase characters, | ||
+ | * digits, | ||
+ | * other characters: ~!@# | ||
+ | * **Must be at least 9 characters long ** | ||
+ | * **Passwords remembered by email clients can | ||
+ | < | ||
+ | * Account is temporarily** locked after several unsuccessful logon attempts** | ||
+ | * **Email clients** | ||
+ | < | ||
+ | * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance. | ||
+ | * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**. | ||
+ | * **What to do, if you find out that your AD account or mailbox is locked?** | ||
+ | * **Try to find the reason.** | ||
+ | * **Stop or power off any possible source of wrong passwords**, | ||
+ | * **Wait a required ****time****period** | ||
+ | * **Check/ | ||
+ | * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | ||
===== Links ===== | ===== Links ===== | ||
More complex information is available in the [[: | More complex information is available in the [[: | ||
+ | |||
+ | -.- | ||
+ | |||
+ | {{: | ||