Differences
This shows you the differences between two versions of the page.
public:passwd_change [2023-01-31 17:27] – marp | public:passwd_change [2023-04-21 12:46] (current) – [How to change your CERGE-EI accounts passwords] marp | ||
---|---|---|---|
Line 3: | Line 3: | ||
Because of security measure, CERGE-EI distinguishes between __network (domain) passwords__ and __mailserver passwords__. | Because of security measure, CERGE-EI distinguishes between __network (domain) passwords__ and __mailserver passwords__. | ||
- | As a result, there are different passwords for: | + | As a result, there are |
+ | < | ||
- | * your **domain account | + | * **Domain Account |
- | * your **Zimbra | + | * **Zimbra |
- | * your **Zimbra | + | * **Zimbra |
- | + | ===== Reset Password | |
- | ===== Guidelines ===== | + | |
==== for Domain account [D] ==== | ==== for Domain account [D] ==== | ||
+ | |||
+ | {{: | ||
//Username is usualy in the format **nsurname** | //Username is usualy in the format **nsurname** | ||
- | There are two basic ways how you can change your domain account: | + | === Change password === |
- | * → the first way: **Windows login page**< | + | There are two basic ways how you can change |
- | * → the second way: **Password Self-Service Portal ** (experimental)< | + | |
- | <WRAP round center | + | * the first way: **Windows login page**<WRAP round center |
+ | |||
+ | </ | ||
+ | |||
+ | * the second way: **Password | ||
+ | |||
+ | </ | ||
+ | |||
+ | === Reset password === | ||
+ | |||
+ | <WRAP round center important 100%>You can also **reset forgotten password** | ||
+ | |||
+ | </ | ||
See [[: | See [[: | ||
==== Email Accounts Passwords ==== | ==== Email Accounts Passwords ==== | ||
+ | |||
+ | {{: | ||
=== for Zimbra email Exchange [X] === | === for Zimbra email Exchange [X] === | ||
- | [[https:// | + | {{:public:pasted:20230214-163743.png}} |
- | Use [[https:// | + | There are two basic ways how you can change your Zimbra Mailserver account password: |
- | < | + | |
+ | * the first way: Access | ||
+ | |||
+ | | ||
+ | |||
+ | the second way: Use [[https:// | ||
+ | |||
+ | You can also **reset forgotten password** | ||
+ | |||
+ | User name is in short format (e.g. **jnovak**). | ||
+ | |||
+ | **Important!** | ||
=== for Zimbra Archive [A] === | === for Zimbra Archive [A] === | ||
- | [[https:// | + | {{:public:pasted:20230214-163833.png}} |
- | === Kerio Mailserver | + | [[https:// |
- | Use Kerio webmail | + | User name is in short format |
- | ===== FACTS / HINTS ===== | + | You can also **reset forgotten password** |
+ | |||
+ | **Important!** | ||
+ | |||
+ | </WRAP> | ||
+ | |||
+ | ---- | ||
- | * **One account for all services** | ||
- | * Usually you have an **independent password for Email Server Zimbra** - including Webmail, SMTP and IMAP access; This case you can change the email password via Zimbra webmail. Than you can have two different passwords (recommended mode). Use [[https:// | ||
- | * If you have an **older account** at CERGE-EI you can still have the **password synced between email and domain**. Coordinate accounts separation with the IT office in advance. __Do not change the email password via Zimbra webmail to make it independent, | ||
- | * **Passwords must meet complexity requirements**< | ||
- | * Passwords must not contain the user's name or username; | ||
- | * Passwords must contain characters from the following four categories: uppercase characters, lowercase characters, digits, other characters: ~!@# | ||
- | * Must be at least 9 characters long.</ | ||
- | * **Passwords remembered by email clients can <font inherit/ | ||
- | * Account is temporarily** locked after several unsuccessful logon attempts** with a wrong password! | ||
- | * **Email clients** (like Thunderbird or Outlook), **smartphones** and tablets or **web browsers** (like Firefox or Chrome) **allow password to be remembered**. * **<font inherit/ | ||
- | * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance. | ||
- | * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**. | ||
- | * **What to do, if you find out that your AD account or mailbox is locked?** | ||
- | * **Try to find the reason.** | ||
- | * **Stop or power off any possible source of wrong passwords**, | ||
- | * **Wait a required ****time****period** | ||
- | * **Check/ | ||
- | * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | ||
===== MORE DETAILED INFORMATION ===== | ===== MORE DETAILED INFORMATION ===== | ||
- | **Locking the account and mailbox** \\ \\ | + | ==== Locking the account and mailbox |
Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ | Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ | ||
There are three significant parameters of this feature: | There are three significant parameters of this feature: | ||
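Review bot: In the new "for Zimbra email Exchange [X]" block, "the first way:" is added as a list item with a "*" marker, but "the second way: Use [[https://" is added without one, so the two options will not render as a single list the way they do under "Change password" for the domain account; add the list marker to the second line. The unchanged line "//Username is usualy in the format" still carries the typo "usualy" and could be corrected in the same edit. This revision also deletes the "Kerio Mailserver" subsection without a replacement line, so the edit summary should say whether that service is retired.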
Line 76: | Line 91: | ||
Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | ||
- | __**Threshold parameters - Active Directory**__ \\ \\ | + | ==== Threshold parameters - Active Directory |
The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ | The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ | ||
Account lockout duration: **3 minutes** \\ | Account lockout duration: **3 minutes** \\ | ||
Account lockout threshold: **7 invalid logon attempts** \\ | Account lockout threshold: **7 invalid logon attempts** \\ | ||
- | Account lockout counter reset: **after 3 minutes** | + | Account lockout counter reset: **after 3 minutes** |
+ | |||
+ | ==== Threshold parameters - Zimbra mailer | ||
Number of consecutive failed logons allowed: **10** \\ | Number of consecutive failed logons allowed: **10** \\ | ||
Time to lockout the account: **30 minutes** \\ | Time to lockout the account: **30 minutes** \\ | ||
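Review bot: Under the new "Threshold parameters - Zimbra mailer" heading, the label "Time to lockout the account: 30 minutes" can be read either as the lockout duration or as the window in which failures are counted, while the Active Directory block above uses the unambiguous "Account lockout duration" and "Account lockout counter reset". Now that the two blocks sit under parallel headings, use the same labels in both so readers can compare the 7 attempts / 3 minutes and 10 attempts / 30 minutes values directly. The context line above the first heading also still reads "Than you can easily lock the mailbox"; "Than" should be "Then".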
Line 86: | Line 105: | ||
Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. | Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. | ||
+ | ===== FACTS / HINTS ===== | ||
+ | |||
+ | * **One account for all services** | ||
+ | * Usually you have an **independent password for Email Server Zimbra** | ||
+ | * < | ||
+ | * Passwords **must not contain the user's name or username** | ||
+ | * Passwords **must contain characters from the following four categories**: | ||
+ | * uppercase characters, | ||
+ | * lowercase characters, | ||
+ | * digits, | ||
+ | * other characters: ~!@# | ||
+ | * **Must be at least 9 characters long ** | ||
+ | * **Passwords remembered by email clients can | ||
+ | < | ||
+ | * Account is temporarily** locked after several unsuccessful logon attempts** | ||
+ | * **Email clients** | ||
+ | < | ||
+ | * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance. | ||
+ | * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**. | ||
+ | * **What to do, if you find out that your AD account or mailbox is locked?** | ||
+ | * **Try to find the reason.** | ||
+ | * **Stop or power off any possible source of wrong passwords**, | ||
+ | * **Wait a required ****time****period** | ||
+ | * **Check/ | ||
+ | * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | ||
===== Links ===== | ===== Links ===== | ||
More complex information is available in the [[: | More complex information is available in the [[: | ||
+ | |||
+ | -.- | ||
+ | |||
+ | {{: | ||
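Review bot: The re-added FACTS / HINTS list appears to drop the old bullet about older accounts whose password is still synced between email and domain, which was removed earlier in this diff together with its "Do not change the email password via Zimbra webmail to make it independent" warning; none of the added lines here replaces it. If any synced accounts remain, keep that warning in the moved list, otherwise note in the edit summary that the separation is complete. Separately, the added line "**Wait a required ****time****period**" carries over back-to-back bold markers that will not render as intended; write it as one bold span.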