Compulsory password change for all IT users
Posted on 06 April 2011
On 5 April 2011 an important milestone was reached in the implementation of UP's new User Identity Management System with the deployment of the Password Self Service functionality. This service provides a simplified procedure for users to change their UP Portal passwords, as well as the ability to reset forgotten or lost passwords themselves. Using this new service is compulsory for all IT users (personnel, students, applicants and guests), since the Identity Management System will, in time, manage the access to all centralised IT systems in a unified and secure way. To activate the service it is required of each user to do a password change as explained below.
To enable the resetting of forgotten passwords, a set of challenge questions is utilised. If a user has forgotten his/her UP Portal password, he/she can reset the password without the intervention of the ITS HelpDesk by simply answering a challenge question. Users need to set up these challenge questions by selecting three questions from a list provided by the system, and then providing the answer to each question.
Keep in mind that the answers to your challenge questions will enable anyone to reset your portal password. You should therefore take care to select questions to which the answers are not common knowledge to everyone who knows you, and to keep your answers as confidential as the password itself.
Instructions for first-time users of the UP Portal:
- Click on the “New user” link on the UP Portal login page.
- Follow the process to create and save an initial password.
- Select three questions from the list of challenge questions.
- Enter and save the answers to the challenge questions.
Instructions for current users of the UP Portal:
- Click on the “Change Password” link on the UP Portal login page to change your current password. This is necessary to initialise settings required by the Identity Management System which provides the new self-service functionality.
- After changing your password, you will be prompted to select three challenge questions from a list and to provide their answers. This is a once-off requirement and future password changes will not require this action again.
· It will no longer be possible for users to change their passwords directly on the LDAP at http://mx1.up.ac.za/.
· A grace period of three weeks will be allowed for current users to change their passwords and set up their challenge questions and answers at their convenience using the “Change Password” link.
· After this initial grace period has expired, a reminder will be displayed every time that a user logs in until he/she has completed the above process.
· As all users will eventually have to complete this process, a cut-off date for completion of the process will be announced at a later stage.
· Currently the self-service functionality applies only to the UP Portal password, which also serves as the password for other enterprise systems such as PeopleSoft, the Leave System, Parking System, and Virtual Expert Online Training System. For students it also applies to their student email. User sign-on to Novell, GroupWise and other systems external to the UP portal are not affected.
· Passwords need to conform to the UP policy which states that a password must consist of at least eight characters, including one or more digits and a combination of upper and lower case letters. Passwords should not include words found in a dictionary, and should preferably not be names of people, pets, celebrities, sports teams and months of the year.