public:passwd_change

Differences

This shows you the differences between two versions of the page.

public:passwd_change [2023-02-14 16:41] vesely | public:passwd_change [2023-02-14 16:42] vesely
Line 9: Line 9:
   * your **Zimbra archive mail**  server account (if available) [A]   * your **Zimbra archive mail**  server account (if available) [A]
  
-===== Guidelines =====+===== Reset Password Guidelines =====
  
 ==== for Domain account [D] ==== ==== for Domain account [D] ====
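Review bot: the new heading "Reset Password Guidelines" does not match the page name public:passwd_change or the subsection directly under it, "for Domain account [D]", which reads as a user-initiated change of a known password. "Reset" usually implies a forgotten-password or helpdesk procedure; if these guidelines cover changing a known password, "Change Password Guidelines" would keep the terminology consistent and stop users from looking here for account recovery.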
Line 60: Line 60:
 </WRAP> </WRAP>
  
-===   === 
  
 ---- ----
  
-===== FACTS / HINTS ===== 
- 
-  * **One account for all services**  (called Domain Account). There is **only ****one**** login name and password**  which serves **for**  almost **all applications**  and services at CERGE-EI (Login to computer; Network shares, CEIS; CMS; Reporting; internal web pages; printers etc.) Password may be changed **ONLY ONCE per day**. 
-  * Usually you have an **independent password for Email Server Zimbra**  - including Webmail, SMTP and IMAP access; This case you can change the email password via Zimbra webmail. Than you can have two different passwords (recommended mode). Use [[https://mail.cerge-ei.cz|webmail]] for [[:public:emai:zimbra_password|Zimbra Password change ]] ) 
-  * If you have an **older account**  at CERGE-EI you can still have the **password synced between email and domain**. Coordinate accounts separation with the IT office in advance. __Do not change the email password via Zimbra webmail to make it independent, it could lock your network account.__ 
- 
-  * **Passwords must meet complexity requirements** 
-      * Passwords **must not contain the user's name or username** 
-      * Passwords **must contain characters from the following four categories**: uppercase characters, lowercase characters, digits, other characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/ 
-      * **Must be at least 9 characters long ** 
-  * **Passwords remembered by email clients can 
- <font inherit/inherit;;red;;inherit>LOCK YOUR ACCOUNT</font> ** 
-  * Account is temporarily** locked after several unsuccessful logon attempts**  with a wrong password! 
-  * **Email clients**  (like Thunderbird or Outlook), **smartphones**  and tablets or **web browsers**  (like Firefox or Chrome) **allow password to be remembered**. 
-  * 
- <font inherit/inherit;;red;;inherit>**BE AWARE that SMARTPHONES usually** use remembered password repeatedly</font> **regardless of its validity**  which results in the **account lockdown**. 
-  * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance. 
-  * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**. 
-  * **What to do, if you find out that your AD account or mailbox is locked?** 
-  * **Try to find the reason.**  Have you made many unsuccessful attempts? Have you changed your password? Is your smartphone/tablet active? 
-  * **Stop or power off any possible source of wrong passwords**, e.g. running mail client, browser, smartphone or tablet. 
-  * **Wait a required ****time****period**  (until automatic account unlock applies) 
-  * **Check/change password settings in all client applications.**  Mainly smartphones don't allow to change/save the new password without checking it on the server (It's impossible with locked account). 
-  * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set** 
 ===== MORE DETAILED INFORMATION ===== ===== MORE DETAILED INFORMATION =====
  
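Review bot: with FACTS / HINTS removed from this position, the warning "Plan well before you change your password!" and the note that remembered passwords can lock the account no longer appear before MORE DETAILED INFORMATION, so a user reading from the top reaches the change guidelines without having seen them. Consider keeping a one-line lockout warning above the guidelines, or a link to the relocated section. Dropping the empty "=== ===" heading is fine.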
Line 117: Line 92:
 Time window in which the failed logons must occur to lock the account: **1 hour** \\  \\ Time window in which the failed logons must occur to lock the account: **1 hour** \\  \\
 Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account. Although the AD account is locked earlier, it is also quickly unlocked. If the attack over the mailer persists, the lock on the mailer is activated for a longer period and produces no new lock of the AD account.
 +
 +
 +===== FACTS / HINTS =====
 +
 +  * **One account for all services**  (called Domain Account). There is **only ****one**** login name and password**  which serves **for**  almost **all applications**  and services at CERGE-EI (Login to computer; Network shares, CEIS; CMS; Reporting; internal web pages; printers etc.) Password may be changed **ONLY ONCE per day**.
 +  * Usually you have an **independent password for Email Server Zimbra**  - including Webmail, SMTP and IMAP access; This case you can change the email password via Zimbra webmail. Than you can have two different passwords (recommended mode). Use [[https://mail.cerge-ei.cz|webmail]] for [[:public:emai:zimbra_password|Zimbra Password change ]] )
 +  * If you have an **older account**  at CERGE-EI you can still have the **password synced between email and domain**. Coordinate accounts separation with the IT office in advance. __Do not change the email password via Zimbra webmail to make it independent, it could lock your network account.__
 +
 +  * **Passwords must meet complexity requirements**
 +      * Passwords **must not contain the user's name or username**
 +      * Passwords **must contain characters from the following four categories**: uppercase characters, lowercase characters, digits, other characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
 +      * **Must be at least 9 characters long **
 +  * **Passwords remembered by email clients can
 + <font inherit/inherit;;red;;inherit>LOCK YOUR ACCOUNT</font> **
 +  * Account is temporarily** locked after several unsuccessful logon attempts**  with a wrong password!
 +  * **Email clients**  (like Thunderbird or Outlook), **smartphones**  and tablets or **web browsers**  (like Firefox or Chrome) **allow password to be remembered**.
 +  *
 + <font inherit/inherit;;red;;inherit>**BE AWARE that SMARTPHONES usually** use remembered password repeatedly</font> **regardless of its validity**  which results in the **account lockdown**.
 +  * **Plan well before you change your password! **Recall all devices or applications with stored passwords (especially smartphones and tablets) in advance.
 +  * **Immediately after the password change**, the client password in your mail, smartphone, tablet **must be changed too**.
 +  * **What to do, if you find out that your AD account or mailbox is locked?**
 +  * **Try to find the reason.**  Have you made many unsuccessful attempts? Have you changed your password? Is your smartphone/tablet active?
 +  * **Stop or power off any possible source of wrong passwords**, e.g. running mail client, browser, smartphone or tablet.
 +  * **Wait a required ****time****period**  (until automatic account unlock applies)
 +  * **Check/change password settings in all client applications.**  Mainly smartphones don't allow to change/save the new password without checking it on the server (It's impossible with locked account).
 +  * **Email client usually requires both IMAP (incoming) and SMTP (outgoing) passwords to be set**
 +
  
 ===== Links ===== ===== Links =====
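Review bot: the relocated list is carried over with its markup defects, so the move is a good moment to fix them. The bare "*" item before the second <font ...> line renders as an empty bullet, "**only ****one**** login" and "**Wait a required ****time****period**" have doubled bold markers that run the words together, "Than you can have" should read "Then", and the Zimbra link line ends with an unmatched ")". The steps after "What to do, if you find out that your AD account or mailbox is locked?" sit at the same list level as the question and would read better nested under it as an ordered list. The link target ":public:emai:zimbra_password" is also worth checking against the actual namespace.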
  • /var/www/html/dokuwiki/data/pages/public/passwd_change.txt
  • Last modified: 2023-04-21 12:46
  • by marp