Accounts and IDs
Account Unlock and Password Change/Reset Instructions
Unlocking your SLAC account
If your SLAC account becomes locked out, please contact the IT Service Desk by either visiting the onsite support desk located in Building 50 or by calling the IT Service Desk at (650) 926-4357(HELP).
If you do not know your current password, please contact the IT Service Desk to have your password changed.
Before we can assist you with unlocking your account or changing your password, we must verify your identity using one of the following methods:
- SLAC ID badge or another form of picture ID
- Stanford email
- Non-SLAC email listed in the PeopleSoft portal
- DUO Push
Before changing your password, please review the Computer Security Password Policy.
Active Directory (Windows and macOS Account)
If you have both a SLAC Windows and macOS system, change your password from the macOS computer and do not make any password changes on your PC. The password on your PC will change automatically when it is next connected to the SLAC Network (onsite SLAC network or SLAC VPN). It is strongly suggested you do NOT change your password just prior to leaving SLAC for the day or weekend in case something should go wrong and you need help.
Users with SLAC macOS computers
Users on macOS 10.13 or above should change the password directly from the Mac. Make sure your computer is connected to the SLAC internal network or SLAC VPN using the Cisco AnyConnect application. Then go to System Preferences > Users & Groups > your user and click the "Change Password" button. This will update your keychain and FileVault password (which is crucial to ensuring you can access your computer).
If you do not have Cisco AnyConnect installed, or if you do not have access to use Cisco AnyConnect for VPN access (error: no dial-in permissions), please see the SLAC KB article on VPN access.
Users with SLAC Windows computers
Important: Be sure you are not logged onto a Windows machine in any other location (and do not have scheduled processes running); otherwise, after you change your password, there will be a conflict that causes your account to be locked. If you are not on SLAC's network, you will need to be on VPN before you change your password.
- Log into your account as usual, from a Windows machine.
- Once logged in, press the CTRL-ALT-DEL keys all at once.
- Select the "Change a password" option in the dialog box.
- Follow the prompt to change your password using the criteria above, using TAB or mouse to change fields.
- Windows password changes should go into effect immediately.
Users who do not have a SLAC Windows or SLAC macOS computer
You can reset your SLAC Active Directory (Windows) account password by visiting the Active Directory Password Change Form.
We do not recommend this password reset form be used if you have a SLAC Windows or macOS computer, as you will likely encounter painful password sync issues (especially on macOS).
Re-syncing Password
If you are offsite, you will need to have an active VPN connection to SLAC before you change your password. Once you are connected to VPN, you can lock your device and unlock your computer while connected to the network. This will allow the new password to sync. DO NOT use the website to change your password, as your new password won't sync to your computer. If that happens, you'll need to contact the SLAC IT Service Desk to fix the sync issue.
If you made this mistake using a SLAC Windows computer, you may be able to resolve the issue before reaching out to the SLAC IT Service Desk:
- Log onto your laptop (using the old password prior to changing it)
- Connect to the SLAC network or SLAC VPN (log in with your new password)
- Press CTRL + ALT + DEL
- Select "Lock Computer"
- Press CTRL + ALT + DEL again to log back into the system
- Enter your new password to unlock your system. This will sync your local laptop password so that it is the same as your network password.
Unix Account
If you have both a Unix account AND an Active Directory (Windows) account:
- Change your Unix password FIRST
  - Note: The criteria for Unix account passwords are stricter than those for Active Directory.
- Change your Active Directory (Windows) password SECOND using the process described above
You can reset your SLAC Unix account password with two (2) different methods:
- Visit SLAC Unix Account Password Reset Form
  - Note: You can use this form to change your Unix password, even if it has expired. (If you can't remember your password, please contact the IT Service Desk.)
- Log into your Unix shell on a Linux system (e.g. centos7.slac.stanford.edu).
  - Using the criteria above, you can test a password using the command: /usr/local/bin/test_password
      $ /usr/local/bin/test_password
      Enter password to test (RETURN to exit):
      Password is OK
  - To change the password type: password (or /usr/local/bin/password)
    - e.g. for logged in account
        $ password
    - e.g. for alternate account
        $ password mcariola-a
  - Follow the prompts to change your password.
  - The change to the password takes place immediately.
  - NOTE: If you use the /bin/passwd program, it will not change your login password in most cases -- rather it will claim the old password is incorrect.
Oracle Account
Oracle passwords currently have a maximum length of 30 bytes.
Because they have a special meaning to the Oracle engine, the following special characters are not to be used:
- forward slash (/)
- at-symbol (@)
- ampersand (&)
- space ( )
- double quote (")
- single quote (')
If you have a problem changing your Oracle password, please contact the IT Service Desk.
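The Oracle restrictions above can be checked locally before a new password is submitted. The following Python is an added example, not SLAC tooling and not the test_password program; the function name, the UTF-8 default, and applying the 12-character minimum from the best-practices list to Oracle passwords are assumptions.

```python
import getpass

# Limits quoted from the page. The 12-character minimum comes from the general
# best-practices list and is applied to Oracle here as an assumption.
ORACLE_MAX_BYTES = 30
ORACLE_FORBIDDEN = {"/": "forward slash", "@": "at-symbol", "&": "ampersand",
                    " ": "space", '"': "double quote", "'": "single quote"}
MIN_CHARS = 12


def check_oracle_password(candidate, encoding="utf-8"):
    """Return a list of rule violations; an empty list means the candidate passes.

    The encoding is an assumption: the limit is in bytes, so the database
    character set decides how many bytes a non-ASCII character costs.
    """
    problems = []
    if len(candidate) < MIN_CHARS:
        problems.append(f"shorter than {MIN_CHARS} characters")
    try:
        size = len(candidate.encode(encoding))
    except UnicodeEncodeError:
        problems.append(f"not representable in {encoding}")
    else:
        if size > ORACLE_MAX_BYTES:
            problems.append(f"{size} bytes exceeds the {ORACLE_MAX_BYTES}-byte limit")
    # Report each forbidden character once, by name, never echoing the password.
    for char, name in ORACLE_FORBIDDEN.items():
        if char in candidate:
            problems.append(f"contains {name}")
    return problems


if __name__ == "__main__":
    # getpass keeps the candidate out of shell history and off the screen.
    found = check_oracle_password(getpass.getpass("Candidate password: "))
    print("OK" if not found else "Rejected: " + "; ".join(found))
```

Because the limit is counted in bytes, a password of 16 accented characters passes the length minimum but is rejected at 32 bytes under UTF-8.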
Best practices for changing and setting passwords
Because of their open environments, many machines at educational institutions are vulnerable to attack. SLAC users logging in from these open environments or from machines provided by a conference should minimally use Secure Shell software (e.g. the Unix ssh command, Tera Term Pro in Windows) so their passwords are not sent in an unencrypted form. Users attending a conference where a secure login program such as ssh is not available should consider borrowing a laptop from the Help Desk (if you are not familiar with setting up IP addresses and modem properties in Windows, don't leave this until the last minute!).
Because it is impossible to know what software might REALLY be running on a machine in an open environment, it is a "best practice" to change your password after using an open-access machine.
Passwords for accounts at a single institution that have roughly the same level of security (e.g., Unix, Windows) may be the same, and there are reasonable productivity advantages from using the same password for all these systems. The password used for these systems should be different from that used for non-SLAC accounts you may have access to.
- Passwords must be 12 or more characters in length.
- DO NOT USE birthdays, names or other passwords which would be easy to guess. The idea is to choose something which does not reside in any dictionary or in any language.
- Never write your password down on paper or anything else which could be read by another person, i.e., DO NOT PUT A POST-IT WITH YOUR PASSWORD WRITTEN ON IT AND ATTACH IT TO YOUR MONITOR (or under your mouse pad).