public:user_accounts

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
public:user_accounts [2021-11-02 15:06] – [Password usage tips] marppublic:user_accounts [2024-10-07 14:50] (current) – [User Accounts and Password usage] marp
Line 1: Line 1:
-===== User Accounts and Password usage =====+====== User Accounts and Password usage ======
  
 ---- ----
  
-Note: For Charles University Central Autentication Services (CAS) please go to [[https://ldapuser.cuni.cz/|https://ldapuser.cuni.cz/]]+{{:public:pasted:20211124-135717.png?60x60}}**The Charles University realm** 
 + 
 +Unified access to central web services for students, staff and external users with single login and password for all services. 
 + 
 +<faicon fa fa-hand-o-right> For Charles University **Central Autentication Services** (**CAS**) please go to [[https://ldapuser.cuni.cz/|https://ldapuser.cuni.cz/]] 
 + 
 +See also [[:public:institutions|Charles University and Czech Academy of Sciences resources]]
  
 ---- ----
  
-**The CERGE-EI realm:**+{{:public:pasted:20211124-140152.png}}**The CERGE-EI realm**
  
 Every faculty and staff member as well as every student are eligible for network and email accounts. These accounts are setup by the network administrator after filling up a simple form by a new LAN user directly at the computer office on the 4th floor, room 409. ** CERGE-EI email accounts are "lifetime" accounts for all alumni, provided they are looked after by users. The size of mailboxes can be extended upon request in justified instances by contacting the Computer Office at [[helpdesk@cerge-ei.cz|]].**. Every faculty and staff member as well as every student are eligible for network and email accounts. These accounts are setup by the network administrator after filling up a simple form by a new LAN user directly at the computer office on the 4th floor, room 409. ** CERGE-EI email accounts are "lifetime" accounts for all alumni, provided they are looked after by users. The size of mailboxes can be extended upon request in justified instances by contacting the Computer Office at [[helpdesk@cerge-ei.cz|]].**.
Line 13: Line 19:
 The initial password for each account is generated and is unique. The initial password for each account is generated and is unique.
  
-==== Changing Password (Domain account) ====+ 
 + 
 +Because of security measure, CERGE-EI distinguishes between __network (domain) passwords__ and __mailserver passwords__. 
 + 
 +As a result, there are 
 + <font inherit/inherit;;inherit;;#ffff00>different passwords</font>  for your: 
 + 
 +  * **Domain Account **//**ad.cerge-ei.cz**//  (Active Directory) used for PC/network logon, Moodle/CMS, CEIS, VPN, internal web, TAS etc. [D] 
 +  * **Zimbra Mail exchange**  server account [X] 
 +  * **Zimbra Archive mail**  server account (if available) [A] 
 + 
 +===== More about passwords ===== 
 + 
 +Changing passwords, detailed info, [[:public:passwd_change#locking_the_account_and_mailbox|lock-out]] behavior etc. - see [[:public:passwd_change|How to change your CERGE-EI accounts passwords]] 
 + 
 +===== Changing Password (Domain account) =====
  
 **Option A:** **Via Windows** - once you are logged at the PC connected to CERGE-EI internal network: **Option A:** **Via Windows** - once you are logged at the PC connected to CERGE-EI internal network:
Line 30: Line 51:
   * **Register your mobile phone**  to be able to reset forgotten password   * **Register your mobile phone**  to be able to reset forgotten password
 __**Important notice:**__ __**Important notice:**__
- + <font inherit/inherit;;#c0392b;;inherit>//PWM is in test/experimental phase. Not all users are currently enabled. If you want to use it, please contact IT Office. One of the prerequisities is to have separated your email account from your domain account. It may be achieved by resetting email password via mailserver's web interface. Consult with IT before you start.//</font>
-<font inherit/inherit;;#c0392b;;inherit>//PWM is in test/experimental phase. Not all users are currently enabled. If you want to use it, please contact IT Office. One of the prerequisities is to have separated your email account from your domain account. It may be achieved by resetting email password via mailserver's web interface. Consult with IT before you start.//</font>+
  
  
Line 37: Line 57:
 **PLEASE, do not try to change Domain account password via Zimbra webmail,**  it could lock your network account in some cases. **PLEASE, do not try to change Domain account password via Zimbra webmail,**  it could lock your network account in some cases.
  
-==== Sharing identity? ==== +===== Sharing identity? ===== 
- + <font inherit/inherit;;#d35400;;inherit>**REMEMBER!**</font>
-<font inherit/inherit;;#d35400;;inherit>**REMEMBER!**</font>+
  
 **Account identified by username is allocated personally to you**, you are not allowed to lend it to other people. You are responsible for the activities under this identification. **Account identified by username is allocated personally to you**, you are not allowed to lend it to other people. You are responsible for the activities under this identification.
  
-==== Password complexity requiremets ====+===== Password complexity requiremets =====
  
 Our security settings require that users' passwords meet **complexity requirements**  and they are enforced when passwords are changed or created. Our security settings require that users' passwords meet **complexity requirements**  and they are enforced when passwords are changed or created.
Line 49: Line 68:
 Complexity requirements are listed in the [[:public:passwd_change|Password Change]] article. Complexity requirements are listed in the [[:public:passwd_change|Password Change]] article.
  
-==== Password usage tips ====+===== Password usage tips =====
  
-It's highly recommended to use **strong passwords**, which **does not contain** the __user or company name__, __real name__ or a complete __dictionary word__.+It's highly recommended to use **strong passwords**, which **does not contain**  the __user or company name__, __real name__  or a complete __dictionary word__.
  
-Do **NOT** use the **same password** for multiple logins (e.g. the same password for gmail, facebook, windows domain authentification at work, dropbox etc.): when login credentials of __one of them is compromised__, __all the services__ using the same password should be considered compromised too!+Do **NOT**  use the **same password**  for multiple logins (e.g. the same password for gmail, facebook, windows domain authentification at work, dropbox etc.): when login credentials of __one of them is compromised__, __all the services__  using the same password should be considered compromised too!
  
 It's difficult to remember a whole bunch of complex passwords, therefore it's recommended to use a password manager, for instance [[http://www.lastpass.com|www.lastpass.com]] for online usage or software based for offline usage [[http://keepass.info/|http://keepass.info/]]: you have to remember only one strong "master" password - the others are stored safely in a "vault". It's difficult to remember a whole bunch of complex passwords, therefore it's recommended to use a password manager, for instance [[http://www.lastpass.com|www.lastpass.com]] for online usage or software based for offline usage [[http://keepass.info/|http://keepass.info/]]: you have to remember only one strong "master" password - the others are stored safely in a "vault".
  
-You can even use the **same strong password** for __multiple logins__, just add a __"service identificator"__ - example for gmail would be "sTRONgPassW0rd@gmail", example for facebook could be "sTRONgPassW0rd@FB" - but security is lower than in separate complex passwords..+You can even use the **same strong password**  for __multiple logins__, just add a __"service identificator_ckgedit_QUOT___ - example for gmail would be "sTRONgPassW0rd@gmail", example for facebook could be "sTRONgPassW0rd@FB" - but security is lower than in separate complex passwords..
  
-Make sure you know **how to reset the password** for all of your websites, services, computer accounts you have. In most cases, new password activation link is send to your email filled in during registration. Some services use 2way authentification verification as most banks do, e.g. cell phone SMS.+Make sure you know **how to reset the password**  for all of your websites, services, computer accounts you have. In most cases, new password activation link is send to your email filled in during registration. Some services use 2way authentification verification as most banks do, e.g. cell phone SMS.
  
-If you __accidentally left behind your smartphone somewhere__, **reset immediately** the password for all the services used on the phone - eg. Facebook, email accounts. Attacker could gain access to these services and perform __identity theft__ on you.+If you __accidentally left behind your smartphone somewhere__, **reset immediately**  the password for all the services used on the phone - eg. Facebook, email accounts. Attacker could gain access to these services and perform __identity theft__  on you.
  
-**Encrypt** your entire phone (e.g. Android has already added this feature), encrypt the entire disk of your laptop using windows __Bitlocker__ or __Truecrypt__ version 7.1a max. - newer versions are not considered safe. In case of theft/loss your data are safe because of encryption.+**Encrypt**  your entire phone (e.g. Android has already added this feature), encrypt the entire disk of your laptop using windows __Bitlocker__  or __Truecrypt__  version 7.1a max. - newer versions are not considered safe. In case of theft/loss your data are safe because of encryption.
  
-Passwords should be **changed regularly**. Stronger password could be changed less often, anyway a rules of thumb is: "the __period of password change__ should always be __shorter than__ approx. amount of __time needed to crack it__."+Passwords should be **changed regularly**. Stronger password could be changed less often, anyway a rules of thumb is: "the __period of password change__  should always be __shorter than__  approx. amount of __time needed to crack it__."
  
-**Do not tell a password to anyone**! If you have to tell a password to somebody else e.g. in order to complete an important task, __change it immediately after the usage__ then.+**Do not tell a password to anyone**! If you have to tell a password to somebody else e.g. in order to complete an important task, __change it immediately after the usage__  then.
  
-**Do not send passwords by email!** Emails travel through internet in plain text form and it is relatively easy to capture an email. Better ways how to share a password are __SMS__ or to tell it during a __phone conversation__.+**Do not send passwords by email!**  Emails travel through internet in plain text form and it is relatively easy to capture an email. Better ways how to share a password are __SMS__  or to tell it during a __phone conversation__.
  
-Do not react to the **forged emails** telling you to change your password to some of your accounts somewhere. This social technique is called "**Phishing**".+Do not react to the **forged emails**  telling you to change your password to some of your accounts somewhere. This social technique is called "**Phishing**".
  
-**Do not write** passwords on __piece of paper__, __stickers__ etc.: anybody accessing your table can **abuse them**.+**Do not write**  passwords on __piece of paper__, __stickers__  etc.: anybody accessing your table can **abuse them**.
  
  
  • /var/www/html/dokuwiki/data/attic/public/user_accounts.1635865561.txt.gz
  • Last modified: 2021-11-02 15:06
  • by marp