If I ever change the password of my account I was expecting the need to update it everywhere I use it. If, by any chance, somebody uses a Desktop/Mobile client and I change my password, this person would be able to keep on using it without problems.
It's not a security flaw - clients that are connected only use the password for the first time they connect, after that they use a token that they receive on that first authentication. Same goes for all third party apps.
I see the point, but I don't agree. Especially since I don't have any option to disable it. The first thing you do when a device is stolen, or a security breach happens, is change your passwords. If the person has your connected device it will not change a thing.
If someone steals your password, no devices are affected anyway as you do not have to enter your account password to use any of them - mobile devices allow you to set a separate PIN, but your account password is never required.
I should have the option to revoke all access to my account as soon as I change the password. I'm pretty sure that it's not hard and you could keep using it the way it is and I would change to my way. Everybody would be happy.
Indeed I could change my password daily, which would be a bummer, but since I use a password manager (let's say it is the only way to use secure password updated frequently for several different services) to type again a password for a specific client is not even close to be problematic.
So for example: if a thief stole my Dropbox password, and before I even notice that, he/she might already install the sync app on his/her PC. Now after I change my Dropbox password, the thief can still see and sync the files from his/her PC?
Richard P, if you still don't think that is a security issue, then I will be shocked. Are you in fact a Dropbox employee? Or are you just a super Dropbox user like us? No offense, but I need to email the Dropbox support team about the security concern if you are not an employee.
It looks to me that the concern one of the users is having is that there is no security option when changing the password so that it will have to be re-entered when using a device. But if I am understanding correctly, that security exists if you unlink the other device(s); a new password will have to be entered for the device to be registered again.
My question is if you unlink the device and then enter the new password from the unlinked device, will it have to re-sync all files? Will files be duplicated? Or will Dropbox recognize all the old files on the device and sync only the newer or updated ones?
This system is the property of University of Montana and is subject to the MUS security, monitoring, and appropriate-use policies. Unauthorized use is a violation of 45-6-311, MCA and Montana University System policies. By continuing to use this system, you indicate your awareness of and consent to these terms and conditions of use. Log off immediately if you do not agree to the conditions stated in this warning.
Never respond to email asking you to provide account information. UM will never ask you for personal information by email. If you think you have provided your password by email, contact the IT help desk immediately.
I have a Dell Optiplex 755 and I was trying to get into the MEBX configuration, but after I enter the ME password (admin by default), it asks me to change the ME password first, before I can do anything, but here comes my problem: I searched almost everywhere, tried everything, but I can't change that ME password. I tried a lot of combinations of lower case, upper case, special symbols, numbers, but . (on a few threads about this problem I found the password "P@ssword5!" but even this one didn't work). I'm starting to be desperate, so I'm asking myself if there is any solution for my problem.
Even though I no longer see the issue currently in our test environment, I'm going to definitely examine what you've said! You've definitely made me curious. And, we're going to be conducting testing again in a few weeks. It would be interesting, to say the least, if this were the cause.
I don't know why this worked. But, I deleted a newly created GP user in this test environment and recreated her. After doing so, I was able to change her password and login--without the "login failed for an unknown reason" error!
Have you tried to untick the change the password on the next login and make the user change the password after login to GP under user preference? I have experienced exactly the same and vaguely remember that I did it this way :-)
But none of the administrators changed the password for user admin.
When I checked the logs on the Monitor tab to see if this user had logged in, there was no login with this username admin before this password change.
Could a commit or other system auto-commit create this log line?
If the phash value is the same, the password didn't actually change. If the password did change, then you'll need to take a closer look at the logs under Monitor > Configuration. The user who changed the password may have been logged in for quite a while or even via serial console. If you've got a console server connected to the device, check its logs as well to see who may have logged in.
Generally an admin changing something wouldn't trigger a password change notice unless they modified the master key, in which case the phash value would change and you could see the notice as the password did change as far as the firewall is concerned.
Someone already had to implement something to make it easier to change that user's password without having to interfere, so I only need to pass the password once and after the first login through the global protect client he could somehow change his password.
This could potentially be done through the XML-API. You could create a PowerShell script with the respective variables for the user account and a password field that the user is prompted for when they run the script. The upside to this is they can change the password by themselves and just let you know that they have changed it so you can schedule a commit; the downside is even with admin roles, since the API would need to run with a user given permission to alter the configuration, you have to trust your users enough not to monkey with the script for any reason.
Not off the top of my head, but you can rely on third-party authentication like RADIUS, LDAP or Kerberos so the users can change their passwords on those systems or use the same password as on their domain computers (which you don't know).
Using external LDAP/RADIUS will not solve the problem. The simplest example is when a user is outside of work for a longer period and has no possibility to update an expired password onsite but has to use VPN.
It would be nice to have at least a password change/expired password change possibility if using LDAP/Active Directory with Global Protect (without workarounds like cookies, additional cert logon etc.).
This is a security issue and needs higher priority by Palo Alto. How am I to deliver credentials to a user safely if that user isn't forced to change her password upon first login? Every other firewall brand has this feature. Are you telling me I have to fly from LA to Chicago to hand deliver the password? How am I supposed to dispense credentials safely?
Fair enough, I was being a bit hyperbolic. But, text message is out of the question because it relies on the end user to delete it. Otherwise if the device is compromised, it has the VPN client and password on the same device. Dictating a complex password can also be tough, especially when you are rolling out VPN access to dozens of people. Also, best practice is to renew passwords on a periodic basis. GlobalProtect simply doesn't have the capabilities to maintain best practice. I guess we will have to rely on MFA for every type of user.
I completely understand and from what I can tell it would be a nice feature. Talk to your SE and see if there is already a feature request for it. However you could use a different RADIUS server for those users and have it perform the password change?
I'm open to workarounds. How would this work in practice? Tell people to first log in to a public facing web server and change their password before logging into GlobalProtect for the first time? In this scenario, what would happen if users skipped the first step and just logged into GlobalProtect with the initial password? Would GlobalProtect deny access?
From my experience, the password change option gets passed from the RADIUS server to the PAN then GP prompts the end user. Kind of like when Windows on a domain asks you to change your password. I have seen this work with multi factor authentication where the user is asked to either create/change a pin for their token and/or change their password on first logon.
You can use your mobile or desktop device to reset your NCID password or unlock your NCID account at any time. Please note, however, that all NCID accounts that are locked automatically unlock after 30 minutes.
An accurate and up-to-date email address and/or phone number ensures you never lose access to your X account. There are a few ways to change your password, and keeping this information up to date simplifies resetting your account or password.