Unlocking your SLAC account

If your SLAC account becomes locked out, please contact the IT Service Desk by either visiting the onsite support desk located in Building 50 or by calling the IT Service Desk at (650) 926-4357(HELP).

If you do not know your current password, please contact the IT Service Desk to have your password changed.

We must verify your identity before assisting you with unlocking your account or changing your password by using one of the following methods.

• SLAC ID badge or another form of picture ID
• Stanford email 
• Listed non-SLAC email listed in peoplesoft portal
• DUO Push

Before changing your password, please review the Computer Security Password Policy

Active Directory (Windows and macOS Account)

If you have both a SLAC Windows and macOS system, change your password from the macOS computer and do not make any password changes on your PC. The password on your PC will change automatically when it is next connected to the SLAC Network (onsite SLAC network or SLAC VPN). It is strongly suggested you do NOT change your password just prior to leaving SLAC for the day or weekend in case something should go wrong and you need help.

Users with SLAC macOS computers

Users on macOS 10.13 or above should change the password directly from the Mac. Make sure your computers are connected to the SLAC internal network or SLAC VPN using the Cisco AnyConnect application. Then go to System Preferences > Users & Groups > your user > Click "Change Password" button. This will update your keychain and FileVault password (which is crucial to ensuring you can access your computer).

If you do not have Cisco AnyConnect installed, or if you do not have access to use Cisco AnyConnect for VPN access (error: no dial-in permissions), please see the SLAC KB article on VPN access.

Users with SLAC Windows computers

Important: Be sure you are not logged onto a Windows machine in any other location (and do not have scheduled processes running) or after you change your password there will be a conflict causing your account to be locked. If you are not on SLAC's network, you will need to be on VPN before you change your password.

1. Log into your account as usual, from a Windows machine.
2. Once logged in, press the CTRL-ALT-DEL keys all at once.
3. Select the "Change a password" option in the dialog box.
4. Follow the prompt to change your password using the criteria above, using TAB or mouse to change fields.
5. Windows password changes should go into affect immediately.

Users who do not have a SLAC Windows or SLAC macOS computer

You can reset your SLAC Active Directory (Windows) account password by visiting the Active Directory Password Change Form.

We do not recommend this password reset form be used if you have a SLAC Windows or macOS computer, as you will likely encounter painful password sync issues (especially on macOS).

Two Special Cases requiring VPN

1.  If you only have one SLAC computer and it is not on SLAC's internal network (it's at home, on Stanford campus, you're traveling, etc.) when you need to change your password, then you must have an active VPN connection to SLAC before you change your password.
2. If you have a SLAC computer onsite and a second SLAC computer that is not on SLAC's internal network, then you should change your password on the computer that is not on SLAC's internal network. You will need to have an active VPN connection to SLAC before you change your password.

In both cases, follow steps 2-5 under the "To change your password in Windows:" section above to change your password. DO NOT use the website to change your password, as your new password won't sync to your computer. If that happens, you'll need to contact the SLAC IT Service Desk to fix the sync issue.

If you made this mistake using a SLAC Windows computer, you may be able to resolve the issue before reaching out to the SLAC IT Service Desk:

1. Log onto your laptop (using the old password prior to changing it)
2. Connect to the SLAC network or SLAC VPN (log in with your new password)
3. Press CTRL + ALT + DEL
4. Select "Lock Computer"
5. Press CTRL + ALT + DEL again to log back into the system
6. Enter your new password to unlock your system, this will sync your local laptop password so that it is the same as your network password.

Unix Account

If you have both a Unix account AND an Active Directory (Windows) account:

1. Change your Unix password FIRST
   
   • Note: The criteria for Unix account passwords are stricter than Active Directory.
2. Change your Active Directory (Windows) password SECOND using the process described above

You can reset your SLAC Unix account password with two (2) different methods:

1. Visit SLAC Unix Account Password Reset Form
   
   1. Note: You can use this form to change your Unix password, even if it has expired. (If you can't remember your password, please contact IT Services.)
2. Log into your Unix shell on a Linux system (e.g. centos7.slac.stanford.edu or rhel6-64.slac.stanford.edu).
   
   1. Using the criteria above, you can test a password using the command: /usr/local/bin/test_password
      
      1. $ /usr/local/bin/test_password
      2. Enter password to test (RETURN to exit):
      3. Password is OK
   2. To change the password type: password (or /usr/local/bin/password)
      
      1. e.g. for logged in account
         
         1. $ password
      2. e.g. for alternate account
         
         1. $ password mcariola-a
   3. Follow the prompts to change your password.
   4. The change to the password takes place immediately.
   5. NOTE: If you use the /bin/passwd program, it will not change your login password in most cases -- rather it will claim the old password is incorrect. 
      

Oracle Account

Oracle passwords currently have a maximum length of 30 bytes.

Because they have a special meaning to the Oracle engine the following special characters are not to be used:

• forward slash (/)
• at-symbol (@)
• ampersand (&)
• space ( )
• double quote (“)
• single quote (‘)

If you have a problem changing your Oracle password, please contact the IT Service Desk.

Best practices for changing and setting passwords

Because of their open environments, many machines at educational institutions are vulnerable to attack. SLAC users logging in from these open environments or from machines provided by a conference should minimally use Secure Shell software (e.g. the Unix ssh command, Tera Term Pro in Windows) so their passwords are not sent in an unencrypted form. Users attending a conference where a secure login program such as ssh is not available should consider borrowing a laptop from the Help Desk (if you are not familiar with setting up IP addresses and modem properties in Windows, don't leave this until the last minute!).

Because it is impossible to know what software might REALLY be running on a machine in an open environment, it is a "best practice" to change your password after using an open-access machine.

Passwords for accounts at a single institution that have roughly the same level of security (e.g., Unix, Windows) may be the same, and there are reasonable productivity advantages from using the same password for all these systems. The password used for these systems should be different from that used for non-SLAC accounts you may have access to. 

1. The password for Windows must contain characters from at least 3 of the sets and must not contain a string derived from your name or userid. For best results, do not place the unusual characters only at the beginning or end of the password. Note that some systems (e.g. VMS and Oracle) may treat upper and lower case characters in the password as the same. There also may be some restrictions on the special characters (Oracle does not allow slash (/), at-symbol (@), ampersand (&), or quote (") in passwords).
2. DO NOT USE birthdays, names or other passwords which would be easy to guess, the idea is to choose something which does not reside in any dictionary or in any language.
3. Never write your password down on paper or anything else which could be read by another person, i.e., DO NOT PUT A POST-IT WITH YOUR PASSWORD WRITTEN ON IT AND ATTACH IT TO YOUR MONITOR (or under your mouse pad).

Password Reset Flowchart