Differences
This shows you the differences between two versions of the page.
public:passwd_change [2020-12-08 14:33] – vesely | public:passwd_change [2023-02-14 16:43] – vesely | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== How to change your CERGE-EI accounts passwords ====== | ====== How to change your CERGE-EI accounts passwords ====== | ||
- | Not all accounts at CERGE-EI | + | Because of security measure, |
- | There is a different | + | As a result, there are different |
- | * Your **domain account ****ad.cerge-ei.cz** | + | * your **domain account **//**ad.cerge-ei.cz**// |
- | * Your **Zimbra mail exchange** | + | * your **Zimbra mail exchange** |
- | * Your **Zimbra archive mail** | + | * your **Zimbra archive mail** |
- | ===== Password | + | ===== Reset Password |
- | ==== Domain account [D] ==== | + | ==== for Domain account [D] ==== |
+ | |||
+ | {{: | ||
//Username is usualy in the format **nsurname** | //Username is usualy in the format **nsurname** | ||
- | | + | There are two basic ways how you can change your domain account: |
- | * **Option B: Password Self-Service Portal ** | + | |
+ | | ||
+ | * the second way: **Password Self-Service Portal ** \\ <WRAP round center tip 100%> Go to the address | ||
* You can find out your username at the self-service portal → click // | * You can find out your username at the self-service portal → click // | ||
See [[: | See [[: | ||
- | ==== Email Password | + | ==== Email Accounts Passwords |
- | === Zimbra email Exchange [X] === | + | {{: |
+ | |||
+ | === for Zimbra email Exchange [X] === | ||
+ | |||
+ | {{: | ||
[[https:// | [[https:// | ||
- | Use [[https:// | + | Use [[https:// |
- | === Zimbra Archive [A] === | + | User name is in short format (e.g. **jnovak**). |
+ | |||
+ | You can also **reset forgotten password** | ||
+ | |||
+ | **Important!** | ||
+ | |||
+ | </ | ||
+ | |||
+ | === for Zimbra Archive [A] === | ||
+ | |||
+ | {{: | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | User name is in short format (e.g. **jnovak**). | ||
- | <font inherit/ | ||
- | <WRAP round center tip 100%> | ||
- | Go to the address [[https:// | ||
You can also **reset forgotten password** | You can also **reset forgotten password** | ||
- | <font inherit/ | ||
- | === Kerio Mailserver [K] === | ||
- | Use Kerio webmail ([[https:// | ||
- | ===== FACTS / HINTS ===== | ||
- | * **One account for all services** | ||
- | * You can have an **independent password for email** | ||
- | - coordinate accounts separation with the IT office in advance (older accounts are still synced between email and domain) | ||
- | * **Do not change the email password via Zimbra webmail** | ||
- | (Unless you are the person with the **independent email password**. This case use [[https:// | ||
- | * Password may be changed **ONLY ONCE per day**. | ||
- | * **Passwords must meet complexity requirements**< | ||
- | <font 11.0pt/ | ||
- | * Passwords must not contain | + | **Important!** |
- | * Passwords must contain characters from the following four categories: uppercase characters, lowercase characters, digits, other characters: ~!@# | + | </WRAP> |
- | * Must be at least 9 characters long.</ | + | ---- |
- | * **Passwords remembered by email clients can <font inherit/ | ||
- | * Account is temporarily** locked after several unsuccessful logon attempts** | ||
- | * **Email clients** | ||
- | * **<font inherit/ | ||
- | * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance. | ||
- | * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**. | ||
- | * **What to do, if you find out that your AD account or mailbox is locked?** | ||
- | * **Try to find the reason.** | ||
- | * **Stop or power off any possible source of wrong passwords**, | ||
- | * **Wait a required ****time****period** | ||
- | * **Check/ | ||
- | * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | ||
===== MORE DETAILED INFORMATION ===== | ===== MORE DETAILED INFORMATION ===== | ||
- | **Locking the account and mailbox** \\ \\ | + | ==== Locking the account and mailbox |
- | Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ | + | |
- | There are three significant parameters of this feature: | + | Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ There are three significant parameters of this feature: |
* permissible number of failed attempts; | * permissible number of failed attempts; | ||
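Review bot: The added lead-in under "for Domain account [D]", "There are two basic ways how you can change your domain account:", leaves out the word "password"; suggest "There are two ways to change your domain account password:". The new opening line starts "Because of security measure," which reads better as "As a security measure,". The new sub-headings "for Domain account [D]", "for Zimbra email Exchange [X]" and "for Zimbra Archive [A]" only make sense when read together with their parent heading, so consider keeping them self-contained as in the old revision. The removed "Kerio Mailserver [K]" section and the removed hint "Password may be changed **ONLY ONCE per day**" have no counterpart in the visible added lines; confirm both are retired on purpose and not lost while FACTS / HINTS was moved. The unchanged line with "usualy" could be corrected in the same edit.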
Line 76: | Line 72: | ||
* timeout of unlocking. | * timeout of unlocking. | ||
- | The account is locked if the number of allowed fails is exceeded. Failed attempts are counted during the time window. If logon attempts with wrong password stop, the counter is reset after the time window is over. If the account is locked, after the quarantine time it is unlocked again. \\ \\ | + | The account is locked if the number of allowed fails is exceeded. Failed attempts are counted during the time window. If logon attempts with wrong password stop, the counter is reset after the time window is over. If the account is locked, after the quarantine time it is unlocked again. \\ \\ <WRAP round center box important 60%> |
- | <WRAP round center box important 60%> | + | |
Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | ||
- | __**Threshold parameters - Active Directory**__ \\ \\ | + | ==== Threshold parameters - Active Directory |
- | The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ | + | |
- | Account lockout duration: **3 minutes** \\ | + | The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ Account lockout duration: **3 minutes** \\ Account lockout threshold: **7 invalid logon attempts** \\ Account lockout counter reset: **after 3 minutes** |
- | Account lockout threshold: **7 invalid logon attempts** \\ | + | |
- | Account lockout counter reset: **after 3 minutes** | + | ==== Threshold parameters - Zimbra mailer |
- | Number of consecutive failed logons allowed: **10** \\ | + | |
- | Time to lockout the account: **30 minutes** \\ | + | Number of consecutive failed logons allowed: **10** \\ Time to lockout the account: **30 minutes** \\ Time window in which the failed logons must occur to lock the account: **1 hour** \\ \\ Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. |
- | Time window in which the failed logons must occur to lock the account: **1 hour** \\ \\ | + | |
- | Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. | + | ===== FACTS / HINTS ===== |
+ | |||
+ | * **One account for all services** | ||
+ | * Usually you have an **independent password for Email Server Zimbra** | ||
+ | * < | ||
+ | * **Passwords must meet complexity requirements** | ||
+ | * Passwords **must not contain the user's name or username** | ||
+ | * Passwords **must contain characters from the following four categories**: | ||
+ | * **Must be at least 9 characters long ** | ||
+ | * **Passwords remembered by email clients can | ||
+ | < | ||
+ | * Account is temporarily** locked after several unsuccessful logon attempts** | ||
+ | * **Email clients** | ||
+ | * | ||
+ | < | ||
+ | * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance. | ||
+ | * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**. | ||
+ | * **What to do, if you find out that your AD account or mailbox is locked?** | ||
+ | * **Try to find the reason.** | ||
+ | * **Stop or power off any possible source of wrong passwords**, | ||
+ | * **Wait a required ****time****period** | ||
+ | * **Check/ | ||
+ | * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | ||
===== Links ===== | ===== Links ===== | ||
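Review bot: The relocated FACTS / HINTS items carry over markup debris from the old revision: "**Wait a required ****time****period**" contains two empty bold pairs, and "Account is temporarily** locked after several unsuccessful logon attempts**" opens bold after the word it should include; clean these up while moving the list, for example "**Wait the required time period**". In the "Threshold parameters" sections the lockout duration, threshold and counter reset are now joined on one line with "\\" breaks; a bullet per value, as already used for the three parameters listed just above, would be easier to read and to update when the policy changes. The unchanged line "Than you can easily lock the mailbox unintentionally" should read "Then".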