Differences
This shows you the differences between two versions of the page.
public:passwd_change [2023-02-14 16:40] – vesely | public:passwd_change [2023-02-14 16:41] – vesely | ||
---|---|---|---|
Line 60: | Line 60: | ||
</ | </ | ||
- | === === | ||
---- | ---- | ||
- | ===== FACTS / HINTS ===== | ||
- | |||
- | * **One account for all services** | ||
- | * Usually you have an **independent password for Email Server Zimbra** | ||
- | * If you have an **older account** | ||
- | |||
- | * **Passwords must meet complexity requirements** | ||
- | * Passwords **must not contain the user's name or username** | ||
- | * Passwords **must contain characters from the following four categories**: | ||
- | * **Must be at least 9 characters long ** | ||
- | * **Passwords remembered by email clients can | ||
- | < | ||
- | * Account is temporarily** locked after several unsuccessful logon attempts** | ||
- | * **Email clients** | ||
- | * | ||
- | < | ||
- | * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance. | ||
- | * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**. | ||
- | * **What to do, if you find out that your AD account or mailbox is locked?** | ||
- | * **Try to find the reason.** | ||
- | * **Stop or power off any possible source of wrong passwords**, | ||
- | * **Wait a required ****time****period** | ||
- | * **Check/ | ||
- | * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | ||
===== MORE DETAILED INFORMATION ===== | ===== MORE DETAILED INFORMATION ===== | ||
- | ==== | + | ==== Locking the account and mailbox ==== |
Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ | Account is temporarily locked after several unsuccessful logon attempts with wrong password to avoid abuse and brute force password breaking. \\ | ||
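Review bot: The FACTS / HINTS checklist removed here, above `===== MORE DETAILED INFORMATION =====`, is the short summary of the password rules and of what to do when the AD account or mailbox is locked, and this revision re-adds it only after the Zimbra threshold section. A locked-out reader now has to scroll past the threshold details to reach the recovery steps. Consider keeping the checklist first, or adding a one-line pointer to it at the top of the detailed section.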
Line 104: | Line 79: | ||
Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | Smartphones usually use remembered password repeatedly regardless of its validity. Than you can easily lock the mailbox unintentionally.</ | ||
- | ==== | + | ==== Threshold parameters - Active Directory ==== |
The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ | The Active Directory (shortly AD) serves as authentication authority for local network shares, desktop login, internal web pages, CEIS, CMS, Reporting etc. \\ \\ | ||
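Review bot: The unchanged line just above the new `==== Threshold parameters - Active Directory ====` heading has a typo: "Than you can easily lock the mailbox" should read "Then you can easily lock the mailbox". In the line below the heading, "(shortly AD)" reads better as "(AD for short)". Both are worth fixing while this section is being retitled.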
Line 111: | Line 86: | ||
Account lockout counter reset: **after 3 minutes** | Account lockout counter reset: **after 3 minutes** | ||
- | ==== | + | ==== Threshold parameters - Zimbra mailer ==== |
Number of consecutive failed logons allowed: **10** \\ | Number of consecutive failed logons allowed: **10** \\ | ||
Line 117: | Line 92: | ||
Time window in which the failed logons must occur to lock the account: **1 hour** \\ \\ | Time window in which the failed logons must occur to lock the account: **1 hour** \\ \\ | ||
Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. | Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. | ||
+ | |||
+ | |||
+ | ===== FACTS / HINTS ===== | ||
+ | |||
+ | * **One account for all services** | ||
+ | * Usually you have an **independent password for Email Server Zimbra** | ||
+ | * If you have an **older account** | ||
+ | |||
+ | * **Passwords must meet complexity requirements** | ||
+ | * Passwords **must not contain the user's name or username** | ||
+ | * Passwords **must contain characters from the following four categories**: | ||
+ | * **Must be at least 9 characters long ** | ||
+ | * **Passwords remembered by email clients can | ||
+ | < | ||
+ | * Account is temporarily** locked after several unsuccessful logon attempts** | ||
+ | * **Email clients** | ||
+ | * | ||
+ | < | ||
+ | * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance. | ||
+ | * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**. | ||
+ | * **What to do, if you find out that your AD account or mailbox is locked?** | ||
+ | * **Try to find the reason.** | ||
+ | * **Stop or power off any possible source of wrong passwords**, | ||
+ | * **Wait a required ****time****period** | ||
+ | * **Check/ | ||
+ | * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** | ||
+ | |||
===== Links ===== | ===== Links ===== |
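Review bot: The relocated FACTS / HINTS list is carried over with its bold markup defects intact, so the move was a chance to clean them up. `**Wait a required ****time****period**` has doubled markers that run the words together; it should be a single span, `**Wait a required time period**`. `Account is temporarily** locked after several unsuccessful logon attempts**` and `**Must be at least 9 characters long **` have a space on the inner side of the `**` marker, which should sit directly against the bold text. Since the threshold sections now precede this list, the "Wait a required time period" item could also point to them instead of leaving the period unspecified.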