7. Passwords

Passwords for new user accounts may either be random passwords generated automatically by the OpenEngagement CMS or be specified by the user who created the user account. In the latter case, users should change their password to something only they know. This can be done by going to the Preferences page and clicking the Change Password link.

To specify that the OpenEngagement CMS should generate passwords automatically, users can go to Site Setup, Portal Settings. If this option is selected, the user's password will be sent to them. This password will be very secure, and users should be encouraged to use it if they can reliably remember it. Otherwise, they should change it.

The OpenEngagement DMS also has a Forgot Your Password tool, where users may enter their username and their password will be emailed to them. Users should check this works properly when first logging into the DMS.

It is also possible for Managers and Site Managers to reset the passwords of any user. This is done in the Users and Groups Administration page.

Passwords are used by the DMS, KMS, Go-Between and Quick Upload.

Passwords for Administrator user accounts (available with Local Solutions) can be changed in: http://<servername>:8080/acl_users/manage_main. From there, click on the users link and then the name of the user account for which you wish to change the password.

It is very important that all users specify secure passwords. This means passwords that others cannot guess and cannot derive by running a script that executes a dictionary attack. A dictionary attack is where a script tries, one at a time, hundreds of thousands of passwords for a given user account. If the password is weak, such as 'abc' or a word in the dictionary (hence the name of the attack), a person doing this can often determine a user's password within one or two weeks. If strong passwords are used, which are at least 6 characters long and contain both letters and numbers, these sorts of attacks generally take years to execute and are therefore not practical.
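
A check that could be run when a password is chosen, shown as an added example (it is not part of OpenEngagement or its documentation). It applies the rule above (at least 6 characters, both letters and numbers) and, going one step beyond that rule, also rejects dictionary words that only have digits added. The word list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would load a large dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "abc", "letmein"}

MIN_LENGTH = 6  # minimum length stated on this page


def check_password(password, dictionary=SAMPLE_DICTIONARY):
    """Return a list of reasons the password is weak; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[A-Za-z]", password):
        problems.append("contains no letters")
    if not re.search(r"[0-9]", password):
        problems.append("contains no numbers")
    # Dictionary check: compare case-insensitively, and also with leading or
    # trailing digits removed, so "Dragon2024" is treated as the word "dragon".
    lowered = password.lower()
    stripped = lowered.strip("0123456789")
    if lowered in dictionary or (stripped and stripped in dictionary):
        problems.append("based on a dictionary word")
    return problems


def is_acceptable(password, dictionary=SAMPLE_DICTIONARY):
    """True when the password meets every check above."""
    return not check_password(password, dictionary)


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ["abc", "welcome", "Dragon2024", "7421985", "t4bl3r0ck9"]:
        problems = check_password(candidate)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```

"Dragon2024" satisfies the length and letters-plus-numbers rule but is still rejected, because removing the digits leaves a dictionary word.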