it.ucsf.edu

Password Management Tool FAQ

Erik Wieland's picture

Frequently Asked Questions about the UCSF Password Management Tool. Have a question? Please email us at [email protected].

 

General

How will remote users – who will never physically be near a UC network – access the UCSF Password Management Tool?

Does the required password change also apply to resource accounts?

Is the length requirement 12 or 15 characters?

On the security questions page, when I click on "reveal answers" nothing happens. Is this a bug?

Can I use the same password across all my accounts?

Lockouts

What is the number of failed login attempts before the password tool locks you out?

Can a locked AD account still log into the tool with a password or are security questions required?

What’s the difference between a locked AD account and a locked password tool profile?

Hitachi ID Mobile Access App

I’ve loaded the Hitachi ID Mobile Access app onto my phone, but sometimes when I open the app it’s blank. What’s wrong?

General

How will remote users – who will never physically be near a UC network – access the UCSF Password Management Tool?

Remote users have access to the UCSF network with VPN, either https://remote.ucsf.edu or using the Pulse Secure VPN client.

Does the required password change also apply to resource accounts?

Resource accounts are out of scope for this project. Only Active Directory (AD) accounts that are active, mail-enabled, and have an employee ID beginning with “02” are in scope.

Is the length requirement 12 or 15 characters?

The requirement for elevated access AD accounts is 15 characters. The requirement for all other AD accounts is 12 characters.

On the security questions page, when I click on "reveal answers" nothing happens. Is this a bug?

The “Reveal answers” button only works on answers you’ve just typed, not on previously stored answers. Once you submit the changes, the answers are encrypted and cannot be revealed. The “Reveal answers” button is a convenience feature to allow users to verify they typed what they thought they typed, since there is no answer verification process.

Can I use the same password across all my accounts?

Passwords cannot be the same across accounts regardless of whether they’re standard or elevated privilege accounts. After you change your password on one account, the tool will not accept the same password for your other accounts.

Lockouts

What is the number of failed login attempts before the password tool locks you out?

Three failed password or security answer attempts will lock you out of the UCSF Password Management Tool, and you will need to call the IT Service Desk to have your profile unlocked.

Can a locked AD account still log into the tool with a password or are security questions required?

A security question is required. Though please note that neither security question nor password will work if the password tool profile is locked.

What’s the difference between a locked AD account and a locked password tool profile?

Locked AD accounts due to password failures will auto-unlock after 15 minutes of inactivity. A locked profile in the password tool will remain locked until the Service Desk unlocks it. The Hitachi ID mobile app will not circumvent a locked password.ucsf.edu profile.

Hitachi ID Mobile Access App

I’ve loaded the Hitachi ID Mobile Access app onto my phone, but sometimes when I open the app it’s blank. What’s wrong?

This is a funny quirk, but you should not need to reload the app or re-register your device. Try tapping on another option besides “Profiles” at the bottom, then back to “Profiles” and it should reload.