Have you added security information to your account?
You cannot reset your password unless you add security information to your account by linking a phone number, personal email address, or mobile authenticator app to your Office 365 account.
I have forgotten my password and I have added security information:
You can Reset your password.
I have forgotten my password and I have not added security information:
Step-by-step instructions can be found on the "How to Change Your Password" page on InfoBase. If you are unable to change your password using the links above, please contact the IT HelpDesk at firstname.lastname@example.org.
Password-based authentication is an essential tool that allows us to secure access to A-B Tech systems and information. Every student and employee has a primary A-B Tech username and password. That account is used to access most college assets: computers, web sites (e.g. Moodle), Wi-Fi, etc. Most students and employees have additional accounts that rely on password-based authentication, too.
Over time, passwords have become less reliable as a security measure and more painful for end users. Often, they are at the center of data breaches and instances of unauthorized access. While we cannot yet abandon password-based authentication, we can improve how we use passwords to make them more secure and less frustrating. Based on the most recent recommendations from NIST, A-B Tech's IT department has developed a list of requirements and recommendations for password creation and use.
Any password that is used to access A-B Tech assets…
- Must be at least eight characters long, but should be as long as possible
Password length is the primary factor in a password's ability to stand up to certain types of attacks. Use a password that is as long as you are comfortable remembering and typing.
- May consist of any supported character that you can type (lower- and uppercase letters, numbers, and punctuation/special characters)
A complex password will be more resistant to certain types of attacks than a simpler password of the same length. However, a long, simple password will be practically as strong as a short, complex password. You are encouraged to use more than just lowercase letters in your passwords, but if you want a stronger password, add length before you add complexity.
- Should be difficult to guess
Your password should not contain details about yourself, details about your family/friends/pets, anything shared on social media, or any other information that someone may know about you. Attackers will use data like this to try and guess your password.
- Should not be used if it is found in a data breach
Attackers have access to millions of passwords of actual users, gathered together from thousands of data breaches, and they can use this resource to try and compromise your account in several different types of attacks. You can use A-B Tech's PasswordCheck to see if a password that you are considering has been found in a data breach.
- Must not be used with non-A-B Tech accounts
Reusing passwords may put your account at risk, because an attacker who has compromised one of your non-A-B Tech accounts would be able to easily compromise your A-B Tech account. A-B Tech cannot mitigate or prevent data breaches at third-party services and sites.
- Must be changed if either you or IT suspect that it is compromised
You are not required to change your password on a regular basis. However, if you have any suspicion that your password is known to someone else, you are expected to change it immediately. If IT suspects that your password is compromised, we will expire your password and assist you with a reset.
- Should be safeguarded
Because (in most instances) your password is the only way by which our systems identify you, it is imperative that you and you alone know your password. A-B Tech staff will never ask you for your password, and you should never provide it. You should never log in as someone else or allow someone to log in as you. You should never write down your password or store it in an insecure way.
- Adopt a password creation technique. One technique is to memorize a secret sentence and turn it into a password using a strategy that only you know. Using the sentence "Language exerts hidden power, like a moon on the tides.", you could use the words' first letters to create a password like this: Lehplamott. This could be the basis for a great, personalized password creation technique. There are many more techniques to choose from.
- Look into using a password manager – such as LastPass, Keeper or 1Password – for personal use, to reduce the number of passwords that you need to commit to memory.
- Use "Have I Been Pwned?" to see if one of your accounts has been exposed in a data breach.