Frequently asked questions
Frequently Asked Questions about UCSF password management.
Need help? Contact the IT Service Desk at 415-514-4100.
It’s so hard to pick a password and remember it! Do you have any tips?
- It’s helpful to pick a password that you’ll remember, something like “w@term3lonShoes.”
Is the length requirement 12 or 15 characters?
- The requirement for elevated-access Active Directory (AD) accounts is 15 characters. The requirement for all other AD accounts is 12 characters.
Why is the password tool making me use 15 characters for my new password?
- Your account may have some extra access, which means it's considered an elevated account, which requires a minimum of 15 characters.
Can I use the same password across all my accounts?
- Passwords cannot be the same across accounts regardless of whether they’re standard or elevated-privilege accounts. After you change your password on one account, the tool will not accept the same password for your other accounts.
I keep getting locked out! What should I do?
- First, make sure you’ve enrolled in the password tool and downloaded the password mobile application on your mobile phone. You should be able to unlock your account in the tool.
- Second, think about other devices where you might have logged in with your old password. Contact the Service Desk at 415-514-4100 to have someone help you troubleshoot.
How do I know what devices I’ve logged into in the past?
- That’s a good question! Think about, for example: your phone, tablet, a presentation laptop and other mobile devices your department uses, your home computer. Check them all to be sure.
What is the allowed number of failed login attempts before the password tool locks you out?
- Three failed password or security answer attempts will lock you out of the UCSF Password Management Tool, and you will need to call the IT Service Desk (415-514-4100) to have your profile unlocked.
Can a locked Active Directory (AD) account still log into the tool with a password, or are security questions required?
- A security question is required. However, note that neither security question nor password will work if the password-tool profile is locked.
What’s the difference between a locked Active Directory (AD) account and a locked password-tool profile?
- Locked AD accounts due to password failures will auto-unlock after 15 minutes of inactivity. A locked profile in the password tool will remain locked until the Service Desk unlocks it. The Hitachi ID mobile app will not circumvent a locked "password.ucsf.edu" profile.
Password management tool and mobile app
On the security questions page, when I click on "Reveal answers," nothing happens. Is this a bug?
- The Reveal answers button only works on answers you’ve just typed, not on previously stored answers. Once you submit the changes, the answers are encrypted and cannot be revealed. This button is a convenience feature to allow users to verify that they've typed what they thought they typed, since there is no answer verification process.
I’ve loaded the Hitachi ID Mobile Access app onto my phone, but sometimes when I open the app, it’s blank. What’s wrong?
- This is an odd quirk, but you shouldn't need to reload the app or re-register your device. Try tapping on another option besides Profiles at the bottom, then back and tap Profiles; it should reload.