Why are you prompted to change your passwords?
Ucclouds.com is a provider of services that contain personally identifiable information (e.g. PII). As data protection is not just a federal law, it is a moral obligation for us to do what we need to protect your personal data. Additionally, our insurance requires us to protect this data. And finally, regulatory organizations (e.g. PCI-DSS, HIPAA-HITECH, SOC, ISO, FISMA, etc.) all have mandatory requirement that we must adhere to.
One of the easiest ways to love data protection is a simple password. For many, once your password has been compromised, your data world is exposed. With all of the data breaches recent; it is apparent that we all must take steps to protect our data. Regularly changing and utilizing complex passwords is one of the safest and first step in protecting your information. We are required to change passwords at the very minimum every 90 Days and some of our Clients are required to change passwords every 60 days.
Here is excerpts from the Password Management and Password Policy:
"Passwords are the most common method of authenticating the identity of the user before allowing access to systems and applications in "personal" data environment. Subsequently, the effective management of user passwords is critical to support systems and applications transmitting, processing, and/or storing sensitive data from unauthorized access.
A password can be an effective method to safeguard against unauthorized access attempts as it is something which only the user should know; however ineffective password management can lead to a security breach, causing harm to <Client>’s finances, operations, and brand name.
The following are the minimum parameters for passwords and may be increased based upon the criticality of the system or application as defined by <Client> Security Group (UCclouds) resulting from risk assessment activities. Passwords must be managed, as allowable, by an automated user access control system.
Passwords may not contain any reference to <Client>, personal information; the user’s ID, pet’s name, etc. or be known words. In other words, the password should be a set of random characters which the user can remember, but cannot be figured out easily.
Passwords are not to be visible on screen when the user is entering them.
Passwords are to be a minimum of seven characters in length and contain alphanumeric characters.
The user is required to change their password every 90 days, at a maximum.
(NOTE: In January 2016 the maximum life cycle will be reduced to 60 Days.)
New passwords created cannot be similar to the ones that have previously been used, and cannot be the same as the last four previously used.
The UCclouds Security Group is required to provide the user with a unique and random password which the user must change upon their first login following these password parameters. This applies to passwords being granted to new users, current users changing positions and gaining access privileges, and users who have forgotten their passwords.
User Account Lockout
After six invalid access attempts, the user is to be locked out for a minimum of 30 minutes or until the UCclouds Security Group unlocks the account.
User Identification Verification
In the event of an account lockout or a password reset request, the UCclouds Security Group must verify the identity of the user before granting them access again by contacting UCclouds Security/Support Group, request a password reset. UCclouds Security Group shall acknowledge the request within the secure Client Portal.
A screensaver must be initiated after 15 minutes of inactivity on the system, and a password required to unlock the screen.
Users should not write down their passwords or store them electronically, unless using a pre-approved password storage system. In addition, users may not ‘cache’ or select an option to remember their password when online, as this may store the password insecurely. The UCclouds Security Group must store user passwords in a secure manner, protected from unauthorized access and in unreadable format.
Passwords may never be transmitted, unless by the UCclouds Security Group and approved by UCclouds Security Group to support users. This group must use a secure method of transmitting the password to the user and may not be sent over insecure user communication methods. The receiving user is to verify and confirm receipt of the password.
Default System Passwords
Systems usually come with default passwords installed which can be easily discovered online. The UCclouds Security Group must change the default password prior to deployment into the environment.
I know that this was lengthy but the aforementioned information is directly copied from our Security Policies which are governed by our insurance company and Federal Data Protection Laws.
Due to the regularity and complexity of passwords and in our case the number of passwords we are required to have; UCclouds.com utilizes a vetted, compliant company application to manage our password. Although this is not an endorsement, I wanted to provide you the company that UCclouds.com has used for the last 8 years: https://keepersecurity.com. We recommend a secured method of managing, generating and distributing of passwords and Keeper does that for UCclouds.com.
Now that we have discussed the "legal" information; I want to address how you can change your password for your EliteDesk.
Whenever you are logged into your desktop you can change your password by issuing a CTRL+ALT+DEL command. If you are using a "Zero Client" this is simply a keyboard command. If you are using the "View Client" you will find the CTRL+ALT+DEL command from the top of the client located in the "top bar".
Once you have issued the CTRL+ALT+DEL command, you will prompted for some windows commands; one of them is to change your password. Click on the password change and follow the prompts. You will need your current password in addition to the new password.
This is a good time to talk about the password complexity. You cannot use the last 4 passwords that you have used. Your password requires a minimum of 8 characters with at least 1 capital letter, 1 number and 1 symbol.
Remember to securely save your new password so you can refer to it when you need to log in.
If you cannot reset your password (i.e. expired, locked out, etc.) you can open an EliteSupport Ticket with our Team or call our Support Hotline (you must provide a Valid Security PIN) and they can reset your password. They WILL NOT provide the temporary password over the phone but will open a Ticket with the details. You will need to log into the Client Portal to retrieve this information.