====== ICS Password Overview ====== ICS uses single sign-on for all ICS services such as a Windows login, Linux shell account, and ICS email services. This means that you will only need to remember one set of credentials to log in to most ICS resources. Starting December 18th, 2020, ICS Computing Support began managing ICS account passwords and ICS GSuite passwords separately. Most users will not immediately notice this change but will have to use [[https://support.google.com/accounts/answer/41078|this tool]] to change their ICS GSuite passwords in the future. Your **ICS account credentials** are distinct and different from your UCInetid credentials. Some ICS apps require that you use UCInetid credentials. These apps will clearly indicate that your UCInetid credentials should be used to authenticate. ===== Multi-Factor Authentication ===== Multi-factor authentication (MFA) is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism. The university is beginning to roll out an MFA solution called [[accounts:security:twofactorauthentication:duo|Duo]]. * Duo MFA is to be required with many UCI resources * Duo MFS is also required on several sensitive ICS resources such as outward-facing servers like emp.ics.uci.edu ===== SSH Keys ===== ICS server users are recommended to set up SSH keys in order to access ICS computing resources. These keys are required to connect to some ICS servers from off campus when not on VPN. * [[:accounts:ssh_keys|SSH Keys]] ===== Change or Reset your ICS Password ===== You may reset your ICS password at [[https://password.ics.uci.edu|ICS Password Page]] if you: * Know your current password, or * Have set and can answer your security question, or * Have access to your alternate email address, which will be used to send a password reset message to You may send email to helpdesk@ics.uci.edu for help recovering your alternate email address. When visiting the password site to reset you password, please note the links along the top bar: {{:accounts:ptb_top_links.png?400}} Click on either **Question** or **Email** in order to reset a forgotten password. === Type of Passwords Reset === The ICS Password Toolbox will change the following passwords: * ICS LDAP * ICS Google Workspace (for non-ugrad accounts) * ICS AD * ICS Kerberos Please contact Helpdesk via email (helpdesk@ics.uci.edu) if you need assistance with this process. Attach any relevant screenshots should you be encountering any error messages. ===== Change or Reset your ICS Google Workspace Password ===== * Use [[https://support.google.com/accounts/answer/41078| this tool]] to change your ICS Google Workspace password after logging in * Use [[https://accounts.google.com/signin/recovery | this link]] to recover a forgotten ICS Google Workspace password ===== Password Management Tools ===== Password management tools aid in securely storing and conveniently recalling passwords. See a list of password/secret managers here: * [[https://swiki.ics.uci.edu/doku.php/software:commontools#password_secret_management|Password/Secret Management]] There are additional password managers available, but this is the pair that Computing Support has used in the past and can recommend: * [[http://keepass.info/|KeePass Password Safe]] * Locally-managed encrypted password file * The KeePass program is distributed under the GNU GPLv2 * [[accounts:lastpass|LastPass]] * Cloud-based * Convenient browser plugins available * [[https://uci.service-now.com/kb_view.do?sysparm_article=KB0011503|Free enterprise license provided by UCI]] ===== Choosing a Password ===== * Create a password using a combination of lowercase, uppercase, symbol, and number characters * Use a longer password (at least 8 characters in length) * Use a "pass phrase" so that your password is easy to remember, for example YoUc@nnOts3e! for You cannot see! ===== How Often to Change Passwords ===== We would like for you to change your password every six months to a year when: * You are not using mitigating tools such as SSH keys or multi-factor authentication (Duo), or * You use public wifi at hotels, shopping malls, coffee shops, etc ICS Computing Support will require that you change your password under the following circumstances: * A significant change to the way that passwords are stored is implemented * There is reasonable suspicion that your account has been compromised It is also a good idea to change your password after certain foreign travel, any use of unsecured networks, and any time that your computer becomes infected with viruses/malware.