Define the Password for a User
When you enable the system security (see Define the Default Security Settings for New User Accounts) each user account can be configured to have a password. This makes it more difficult for unauthorized users to gain access to the system. The level of security that is enabled determines the length and complexity of the password that has to be configured for each user.
When a new user account is created it is allocated a randomly generated password that needs to be reset by the System Administrator before the account can be used by the user. This includes user accounts that are created when a database is imported (see Import Database Items).
To define the password settings for a user account:
- Display the User Form.
On User Pattern Forms, the Password and Pre-expired properties are 'grayed out' and unavailable for use. This is because the properties do not apply to the User Patterns themselves; they only apply to the User accounts for which the User Patterns define other settings.
- Select the General tab and scroll down to the Password settings.
- Select the browse button next to the Password field to display the Reset Password window.
If the Server Security settings allow you to associate a user with a Windows or LDAP User Profile, you can only define the password for a ClearSCADA user account if the Use External Authentication setting is clear on the User Form. If the Use External Authentication setting is selected (enabled), the password for the user account has to be configured for the corresponding Windows or LDAP User Profile. For more information, see Define whether a User is Associated with a Windows or LDAP User Profile.
- Enter the new password for the user account in the New Password field. When the password matches either the default security criteria or individual user security settings a green tick appears.
The password settings are affected by the Security settings that are defined on the Server Configuration Tool. For more information, see Define the Default Security Settings for New User Accounts.
- Enter the new password for the user account in the Confirm Password field. The password has to be identical to the password you entered in the New Password field (so you can be sure you entered the password correctly).
If you have created a password blacklist, ClearSCADA checks the passwords against the blacklist, if the passwords are rejected the following dialog is displayed:
Select OK and re-enter alternative passwords.
- When the passwords are accepted select the OK button to confirm the changes or select the Cancel button to abort the Change Password procedure. The user needs to be informed of the password to allow them to log on.
- Use the Pre-expired check box to define whether the user of this account is prompted to create a new password the first time they log on via this account. If you select the Pre-expired check box, the user will be prompted to create a new password; if you leave the Pre-expired check box clear, the user will not be prompted to create a new password when they log on, and they will have to use the password defined in the configuration of the user account.
The Pre-expired feature is designed to make users create their own passwords when they are first allocated a user account. As the users create their own passwords, it means the person who originally created the user accounts does not know other users’ passwords.
Example:
An administrator creates a user account for John Taylor and configures a password for the account. The password is only designed to be temporary and should be changed by John Taylor when he first logs on. The administrator selects the Pre-expired check box so that John Taylor is prompted to create a new password when he first logs on.
The password that John Taylor enters replaces the temporary password that was defined and given to him initially by the administrator during the configuration of the account. If the administrator did not select the Pre-expired check box during the configuration, John Taylor would have had to log on using the same password that was defined by the administrator.
The Pre-expired feature is useful when a user has forgotten a password and requires a new one - an administrator can reconfigure the account with a new password and select the Pre-expired box. When the user logs on, they are prompted to enter a new password that is not known to the administrator and overrides the temporary password defined by the administrator. The Pre-expired feature is also useful when creating new user accounts for the same reason.