Your Username YOUR Password: Securing access with the aid of the Password Reset Manager

Your username and password protects some very important things in relation to your studies at Marjon University and it is extremely important that these details should not fall into the wrong hands and by wrong I mean anybody who is not you, including your spouse, you mates and your dog. Well, perhaps it's OK to tell your dog but definitely not your parrot.

The first thing you need to do is to change the password you were given to one of your own choosing. There are several ways to do this but the one I am recommending works whether you are on campus or not and also provides you with a secure means of resetting your password should you ever forget it.

Using the Password Reset Manager

Find a computer you know to be secure and point your web browser at our Password Reset Manager at https://prm.marjon.ac.uk . How do you know the computer you use is secure? Well if it's your own computer then I assume you have an up-to-date virus checker on it. If you are using one of the network computers we provide for you on campus and you want to be sure of it then restart the computer before you login. This resets the computer to the state it was in when our technicians last installed or updated the system.

Step 1: Identify yourself to the Password Reset Manager. Use your real name or your student number. No need for a password at this stage.

Screenshot of the dropbox dialog asking for your identity

Step 2: Setup your Questions and Answers Profile. To enter this stage you will need to give your account password. You will then be asked to provide the answers to four different questions. You can specify the questions yourself. They should be something which you know but which cannot be guessed by others.

Screenshot of the Password Reset Manager Main Options

Step 3: Change your password to one of your own devising using the “Manage My Passwords” button. You will need to give your current password again then you will be asked to enter the new password you want to use. This password must conform to our password policy which is:

  • passwords must be at least 14 characters in length;

  • passwords must contain a mixture of upper and lower case characters;

  • passwords must contain at least one non alphanumeric character. You can use any of the symbol characters on the keyboard for this but it would be wise to avoid the pounds sign (£) and don't use spaces in the password. Some systems through which you might need to authenticate yourself have difficulty with these.

Once you have done all this you are ready to go and should feel safe in the knowledge that nobody else knows or can guess your new password but if you forget it you can always come back here, answer the security questions and reset it.

Once you have reset your password it should work immediately but if not then please give it half an hour before worrying about it. We have a number of different authentication servers which need a little time to synchronise with one another and the one which accepted your new password might not be the one which authenticates your next request.

I know that setting up a long and complicated password is a bit of a bind but the reason we insist on this is because we are doing our best to ensure that you don't have your account compromised. One common misconception is that Computing Services can tell you your password if you have forgotten it. This is not true as we simply don't know it and our systems don't store it. Our systems take the password you supply and transform it into something called a 'password hash'. This is a mathematical transformation which cannot be reversed mathematically. The most common way of having your account compromised is by telling somebody else your password or by leaving a computer in a public area logged on and unattended. If you do this and somebody else gets into the admin portal for your account and changes your account details or submits some rubbish on your behalf for an on-line assessment then you have only yourself to blame for the consequences. Computing Services staff will NEVER ask for your password when you call for help. We will ask to see your library card if you are calling in person or if you call by phone or email we will ask for your student number and some other identifying information which we can check against University records.

Last modified: Monday, 14 April 2014, 2:23 PM