User passwords: Creating, resetting, etc

USER PASSWORDS

All access to the system by anyone at all times is protected by password. This system uses world-standard password security protocols including password database encryption.

Creating Password for New User:

When Registrar enrolls a new user, they can either:

Create a “Custom" Password. To meet minimum standard security requirements, Password MUST:

  • Be at least 6 characters long
  • Contain BOTH letter and number characters
  • Contain mixed (upper and lower) case letters OR at least one special character (! @ # $ % ^ & * > “ etc.)

OR

Create a "System Generated" temporary password. This will display a password which is easy to tell someone via phone, simple to spell, and understand. It will consist of two short, simple words and a number, like:

sunnyDay44 largeOak55

Registrar must make note of or ‘copy’ that password, and send or tell it to the user.

Force User to Choose A New Password (RECOMMENDED):

This option in the enrollment process is turned ON by default. When the student logs in for the first time (with the password you created for them), they will have to re-enter that same password and then create a new one, which they can use from then on.

We strongly advise that you leave this option ON to protect your users and your company. Once a student is forced to create their own password, they can not claim that someone else saw/knows their password.

Forgotten Password / Password Reset Process:

Note that for security protocol, passwords are encrypted when created. Therefore, nobody (even our techs) can ever see what a password is. If a user forgets a password, they can use the Password Reset feature. They simply try to sign in, get to the password page, and click on “Forgot Password?” link and click the ‘Reset Password’ button.. The system sends an EMAIL to the user’s email address in their profile. This email contains a special temporary password. This password EXPIRES IN 72 HOURS to meet standard security protocol.

Note that if the student clicks ‘Reset Password’ again, it will make the previous temporary password expired and send a new temporary password. There is a message telling the student to WAIT for the temporary password to arrive in their email.

If the student is unable to reset their password this way (i.e.: they do not have access to the email address in their profile), the only way to to help them is for a REGISTRAR role user to create a new password for them in their profile.

Sending User Their Password:

When you enroll a new STUDENT in the system, in the final step of the enrollment process you have an option to include their sign in credentials. If turned ON, then in the email notification of enrollment, it will send the STUDENT the email address and/or User ID they can sign in with and their password. Since the password is not technically created until this enrollment process is completed, we can show it in this email. After this, the password is encrypted and nobody can ever see it. You can not re-send their password or send them a reminder of what their password is.

Password Expiry:

  • Registrar creates password AND leaves ON the “Force User To Choose New Password”: 18 Months
  • Registrar creates password and turns OFF “Force User To Choose New Password”: Never
  • Registrar creates "System Generated" password: 18 months
  • Temporary Password sent in email from the ‘Forgot Password?’ process: 72 hours
  • User logs in, goes into their Profile and changes their Password: Never
  • Registrar goes to user’s Profile, then Edit Profile, and changes their password: Never
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.