=============================================================================== To Reset Password Or Unlock Account =============================================================================== If your account becomes locked (3 mistyped passwords in a row): https://passwords.gfdl.noaa.gov/ o Select "Unlock Account" o Your email appears with many characters starred out o Type in the challenge characters o Select all accounts (active directory & ldap) o Type in the challenge characters o After hitting "continue" you will receive an email with a link o Go to the link and your account will be unlocked =============================================================================== General Information About Passwords =============================================================================== DOCUMENTATION REGARDING PASSWORDS: http://www.gfdl.noaa.gov/passwords https://wiki.gfdl.noaa.gov/index.php/Passwords IMPORTANT: WHEN ADPASSWORD EXPIRES CRON JOBS STOP RUNNING =============================================================================== How To Change Passwords =============================================================================== PROCEDURE: (1) CHANGE NOAA PASSWORD (for ICAM/NEMS, etc.): [16 characters] https://accounts.noaa.gov Click "Login With User ID" [or option 2: "Login with PIV/CAC"] Login with First.Last & ICAM password [option 2: use CAC PIN instead] ** FROM NOW ON DO NOT CHANGE -- KEEP WITH LEADING 00 AND TRAILING PIN ** (2) FOR LDAP PASSWORD TO BE SYNCED TO GFDL PASSWORD CHANGE USING: [12 chars] https://passwords.gfdl.noaa.gov/ OR adpasswd This changes both active directory & ldap, but not NOAA/NEMS/ICAM. TO CHECK: "adquery user John.Lanzante -A" (3) THUNDERBIRD - Application Specific Passwords o Sign in at NEMS: https://accounts.google.com/ o On left click "Security" o Under "Signing in to Google" Below this click "App Passwords" o Then sign in again using ICAM password o Create 3 Application Specific Passwords TB GFDL TB iMAC TB Lenovo o Instructions (not needed) https://support.google.com/accounts/answer/185833?hl=en ............................................................................... OLD THUNDERBIRD -- NO LONGER APPLIES WITH TWO-STEP VERIFY ............................................................................... (0) THUNDERBIRD: (1) Edit --> Preferences --> Security --> Passwords --> Saved Passwords Highlight & remove both passwords Quit & Restart Thunderbird When it checks for new mail it will prompt for a password Enter password & check box "Use Password Manager to remember ..." (2) Attempt to send an email It will prompt for an outgoing server password Enter password & check box "Use Password Manager to remember ..." =============================================================================== Sites That Use Passwords =============================================================================== o VIRIDIAN: [USES GFDL PASSWORD] DONE AUTOMATICALLY -- NO LONGER NECESSARY -- SYNCHED TO GFDL PASSWORD Start --> Windows Security --> Change Password o HELPDESK: [USES GFDL PASSWORD] CHANGE PASSWORD STORED IN BROWSER FOR LOGIN https://help.gfdl.noaa.gov/ https://helpdesk-archive.gfdl.noaa.gov/ o CMS: [USES GFDL PASSWORD] CHANGE PASSWORD STORED IN BROWSER FOR LOGIN [NEMS password] https://www.gfdl.noaa.gov/index/cms-app o SERVICE DESK: [USES GFDL PASSWORD] CHANGE PASSWORD STORED IN BROWSER FOR LOGIN https://servicedesk.gfdl.noaa.gov/ o FTP: [USES LDAP PASSWORD] ftp.gfdl.noaa.gov o INTRANET: [USES GFDL PASSWORD] https://intranet.gfdl.noaa.gov/login o GMAIL: [USES ICAM PASSWORD]: CHANGE PASSWORD STORED IN BROWSER FOR LOGIN https://www.google.com/gmail/about/# =============================================================================== List Of Old Passwords =============================================================================== Linux Rose Jul 17, 2008 Last 2 characters 00 Aug 13, 2008 Last 2 characters 00 Sep 16, 2008 Last 2 characters 01 Nov 12, 2008 First 2 characters 01 Nov 12, 2008 First 2 characters 00 Nov 12, 2008 First 2 characters 00 Jan 14, 2009 First 2 characters 00/last a Feb 11, 2009 First 2 characters 01 First 2 characters 01 Apr 15, 2009 First 2 characters 01/last a May 12, 2009 First 2 characters 02 First 2 characters 02 Jul 13, 2009 First 2 characters 02/last a Aug 12, 2009 First 2 characters 03 First 2 characters 03 Oct 14, 2009 First 2 characters 03/last a Nov 10, 2009 First 2 characters 04 First 2 characters 04 Jan 11, 2010 First 2 characters 04/last a Feb 10, 2010 First 2 characters 05 First 2 characters 05 Apr 14, 2010 First 2 characters 05/last a May 12, 2010 First 2 characters 06 First 2 characters 06 Jul 16, 2010 First 2 characters 06/last a Aug 11, 2010 First 2 characters 07 First 2 characters 07 Sep 24, 2010 First 2 characters 08 First 2 characters 08 Nov 26, 2010 First 2 characters 09 First 2 characters 09 Jan 25, 2011 First 2 characters 09/last a Feb 25, 2008 First 2 characters 00 Feb 25, 2008 First 2 characters 10 First 2 characters 10 Apr 27, 2011 First 2 characters 10/last a May 28, 2011 First 2 characters 11 First 2 characters 11 Aug 24, 2011 First 2 characters 12 First 2 characters 12 Oct 20, 2011 First 2 characters 12 First 2 characters 12/last a Nov 23, 2011 First 2 characters 13 Jan 23, 2011 First 2 characters 13/last a Feb 22, 2012 First 2 characters 14 Apr 26, 2012 First 2 characters 14/last a May 23, 2012 First 2 characters 15 Jul 22, 2012 First 2 characters 15/last a Aug 22, 2012 First 2 characters 16 Oct 23, 2012 First 2 characters 16/last a Nov 21, 2012 First 2 characters 17 Jan 21, 2013 First 2 characters 17/last a Feb 20, 2013 First 2 characters 18 May 08, 2013 First 2 characters 18/last a May 22, 2013 First 2 characters 19 Jul 25, 2013 First 2 characters 19/last a Aug 21, 2013 First 2 characters 20 Oct 19, 2013 First 2 characters 20/last a Nov 20, 2013 First 2 characters 21 Jan 23, 2014 https://doc.csod.com/client/doc/default.aspx First 2 characters 21/last a Feb 19, 2014 First 2 characters 22 Apr 21, 2014 First 2 characters 22/last a Jun 4, 2014 First 2 characters 23 Aug 9, 2014 First 2 characters 23/last a Sep 7, 2014 First 2 characters 24 Sep 29, 2014 First 2 characters 25 Oct 2, 2014 First 2 characters 26 Dec 2, 2014 First 2 characters 27 Jan 31, 2015 First 2 characters 28 Feb 5, 2015 First 2 characters 28 [new scheme where "o" replaces "e"] Apr 6, 2015 First 2 characters 29 [new scheme where "o" replaces "e"] Jun 5, 2015 First 2 characters 30 [new scheme where "o" replaces "e"] Aug 3, 2015 First 2 characters 31 [new scheme where "o" replaces "e"] Oct 1, 2015 First 2 characters 32 [new scheme where "o" replaces "e"] Nov 30, 2015 First 2 characters 33 [new scheme where "o" replaces "e"] Jan 29, 2016 First 2 characters 34 [new scheme where "o" replaces "e"] Mar 29, 2016 First 2 characters 35 [new scheme where "o" replaces "e"] May 27, 2016 First 2 characters 36 [new scheme where "o" replaces "e"] Jul 26, 2016 First 2 characters 37 [new scheme where "o" replaces "e"] Sep 24, 2016 First 2 characters 38 [new scheme where "o" replaces "e"] Nov 23, 2016 First 2 characters 39 [new scheme where "o" replaces "e"] Jan 13, 2017 Special P@ssw0rd2017 Jan 17, 2017 First 2 characters 00 [new scheme where "o" replaces "e"] Mar 18, 2017 First 2 characters 01 [new scheme where "o" replaces "e"] May 17, 2017 First 2 characters 02 [new scheme where "o" replaces "e"] Jul 15, 2017 First 2 characters 03 [new scheme where "o" replaces "e"] Sep 13, 2017 First 2 characters 04 [new scheme where "o" replaces "e"] Nov 10, 2017 First 2 characters 05 [new scheme where "o" replaces "e"] Jan 8, 2018 First 2 characters 06 [new scheme where "o" replaces "e"] Mar 8, 2018 First 2 characters 07 ["o" replaces "e"]; ICAM/NEMS appends PIN May 4, 2018 First 2 characters 08 ["o" replaces "e"]; ICAM/NEMS appends PIN Jul 3, 2018 First 2 characters 09 ["o" replaces "e"]; ICAM/NEMS appends PIN Sep 1, 2018 First 2 characters 10 ["o" replaces "e"]; ICAM/NEMS appends PIN Oct 31, 2018 First 2 characters 11 ["o" replaces "e"]; ICAM/NEMS appends PIN Dec 26, 2018 First 2 characters 12 ["o" replaces "e"]; ICAM/NEMS appends PIN Jan 29, 2019 First 2 characters 12 ["o" replaces "e"]; ICAM/NEMS appends PIN Mar 29, 2019 First 2 characters 13 ["o" replaces "e"]; ICAM/NEMS appends PIN May 28, 2019 First 2 characters 14 ["o" replaces "e"]; ICAM/NEMS appends PIN Jul 27, 2019 First 2 characters 15 ["o" replaces "e"]; ICAM/NEMS appends PIN Sep 25, 2019 First 2 characters 16 ["o" replaces "e"]; ICAM/NEMS appends PIN Nov 23, 2019 First 2 characters 17 ["o" replaces "e"]; 00 ICAM & appends PIN Jan 22, 2020 First 2 characters 18 ["o" replaces "e"]; 00 ICAM & appends PIN Mar 21, 2020 First 2 characters 19 ["o" replaces "e"]; 00 ICAM & appends PIN May 20, 2020 First 2 characters 20 ["o" replaces "e"]; 00 ICAM & appends PIN Jul 18, 2020 First 2 characters 21 ["o" replaces "e"]; 00 ICAM & appends PIN Sep 16, 2020 First 2 characters 22 ["o" replaces "e"]; 00 ICAM & appends PIN Nov 14, 2020 First 2 characters 23 ["o" replaces "e"]; 00 ICAM & appends PIN Jan 13, 2021 First 2 characters 24 ["o" replaces "e"]; 00 ICAM & appends PIN Mar 13, 2021 First 2 characters 25 ["o" replaces "e"]; 00 ICAM & appends PIN May 12, 2021 First 2 characters 26 ["o" replaces "e"]; 00 ICAM & appends PIN Jul 10, 2021 First 2 characters 27 ["o" replaces "e"]; 00 ICAM & appends PIN Sep 8, 2021 First 2 characters 28 ["o" replaces "e"]; 00 ICAM & appends PIN Nov 6, 2021 First 2 characters 29 ["o" replaces "e"]; 00 ICAM & appends PIN Jan 5, 2022 First 2 characters 30 ["o" replaces "e"]; 00 ICAM & appends PIN Mar 6, 2022 First 2 characters 31 ["o" replaces "e"]; 00 ICAM & appends PIN May 4, 2022 First 2 characters 32 ["o" replaces "e"]; 00 ICAM & appends PIN Jul 3, 2022 First 2 characters 33 ["o" replaces "e"]; 00 ICAM & appends PIN Sep 1, 2022 First 2 characters 34 ["o" replaces "e"]; 00 ICAM & appends PIN Nov 1, 2022 First 2 characters 35 ["o" replaces "e"]; 00 ICAM & appends PIN Dec 29, 2022 First 2 characters 36 ["o" replaces "e"]; 00 ICAM & appends PIN Feb 28, 2023 First 2 characters 37 ["o" replaces "e"]; 00 ICAM & appends PIN Apr 29, 2023 First 2 characters 38 ["o" replaces "e"]; 00 ICAM & appends PIN Jun 28, 2023 First 2 characters 39 ["o" replaces "e"]; 00 ICAM & appends PIN Aug 26, 2023 First 2 characters 40 ["o" replaces "e"]; 00 ICAM & appends PIN Oct 24, 2023 First 2 characters 41 ["o" replaces "e"]; 00 ICAM & appends PIN Dec 23, 2023 First 2 characters 42 ["o" replaces "e"]; 00 ICAM & appends PIN Feb 20, 2024 First 2 characters 43 ["o" replaces "e"]; 00 ICAM & appends PIN Apr 19, 2024 First 2 characters 44 ["o" replaces "e"]; 00 ICAM & appends PIN Jun 18, 2024 First 2 characters 45 ["o" replaces "e"]; 00 ICAM & appends PIN Aug 17, 2024 First 2 characters 46 ["o" replaces "e"]; 00 ICAM & appends PIN Oct 16, 2024 First 2 characters 47 ["o" replaces "e"]; 00 ICAM & appends PIN Dec 14, 2024 First 2 characters 48 ["o" replaces "e"]; 00 ICAM & appends PIN Feb 12, 2025 First 2 characters 49 ["o" replaces "e"]; 00 ICAM & appends PIN Apr 12, 2025 First 2 characters 50 ["o" replaces "e"]; 00 ICAM & appends PIN Expires: Thu Jun 12 03:20:08 2025 GFDL: Two-digit number, then usual word (1st letter capital), then special character, then fav digit twice. NOTE: For ICAM, as for GFDL, "o" replaces "e". =============================================================================== Thunderbird Two-Step Verification =============================================================================== For two-step: * NUMS for 2-step save at: *GFDL *Ewing *Verizon *ftp *print *USB * webmail contacts save at: *GFDL *Ewing *Verizon https://doc.csod.com/client/doc/default.aspx Documentation: https://www.gfdl.noaa.gov/passwords Settings: https://accounts.google.com/b/0/SmsAuthSettings#devices pkfe wvkr reze tryo --> TB GFDL [ENTER WITHOUT SPACES] Nov 23, 2019 shde mpjp vrbm vcmc --> TB iMAC [ENTER WITHOUT SPACES] Nov 23, 2019 hqkb ouef ipcb bbrk --> TB Lenovo [ENTER WITHOUT SPACES] Nov 23, 2019 =============================================================================== RSA Fob PIN =============================================================================== Dec 2, 2011 First 4 characters of ususal GFDL password (all lowercase) Jul 27, 2021 followed by my usual PIN. Dec 31, 2023 Expires: Nov 30, 2027 =============================================================================== Gaea Master Certificate Pass Phrase =============================================================================== From GFDL using CAC: sshg3 analysis sshg3 gaea From VNC using RSA fob: ssha --> Alias for ssh analysis sshg --> Alias for ssh gaea ............................................................................... Dec 2, 2011 THREE SEPARTE WORDS (SPACES BETWEEN EACH): 1) First 4 letters of usual GFDL password (all lowercase) 2) MY PIN 3) My favorite digit twice Dec 4, 2011 Regenerated same pass phrase Nov 12, 2012 Regenerated same pass phrase Oct 18, 2013 Regenerated same pass phrase Sep 20, 2014 Regenerated same pass phrase Aug 31, 2015 Regenerated same pass phrase Aug 8, 2016 Regenerated same pass phrase Jul 31, 2017 Regenerated same pass phrase Jul 30, 2018 Regenerated same pass phrase Jul 29, 2019 Regenerated same pass phrase Jul 27, 2020 Regenerated same pass phrase Jul 20, 2021 Regenerated same pass phrase Jul 18, 2022 Regenerated same pass phrase Jun 21, 2023 Regenerated same pass phrase Jun 24, 2024 Regenerated same pass phrase Feb 27, 2025 Regenerated same pass phrase =============================================================================== Swipe Card =============================================================================== Renewed thru expiration of CAC? =============================================================================== CAC Card =============================================================================== /home/jrl/folder/serious/FED_GOV/POLICY/cac_id_card New ID card was issued May 16, 2012 The pin is 6 numbers: o 1st 4 --> My usual 4-digit pin o 2nd 2 --> My favorite digit twice VERY IMPORTANT: Your card will be locked if you enter your PIN incorrectly on 3 consecutive trys. After 2 incorrect trys, if you get it right on the 3rd try, your error count will reset back to 0. The wrong PIN count is also recorded over separate sessions so putting one wrong pin on Monday, Tuesday, and Wednesday will result in a lock-out unless you put the correct PIN in between one of those sessions. PINs can only be reset at a Card Renewal/Deployment Station such as: Fort Dix, Bordentown National Guard, and I believe Fort Monmouth. =============================================================================== NOAA vs. GFDL PASSWORDS =============================================================================== o There are now 2 passwords plus a CAC PIN. o NOAA email account and credential infrastructure was previously referred to as NEMS but it is now called ICAM. o The NOAA (ICAM) password is applicable to logging in to the Gmail web interface, Thunderbird the help desk, the help desk archive, CMS, the ECMWF MOS experimental webpage. o The GFDL (linux) password is applicable to logging into the GFDL system (such as linux workstations, public MACs & windows machines and the Redstone server). For these purposes the CAC with PIN can be used as well. o There are two options for signing in to ICAM sites: 1) First.Last with ICAM password 2) CAC with CAC PIN If you are prompted to select a certificate choose the EMAIL option. o To change the NOAA password use "change-password". To change the GFDL password use "adpasswd", or wait 60 days until it prompts you to change the password when you log in. The NOAA password expires every 90 days, the GFDL password every 60 days. o After resetting the GFDL password, you have to wait 2 (3?) days before resetting it again. Thus, if there is a reset and you are given a temporary password, you must use it for 2 (3?) days. o Password to re-enter from the screen-saver prompt: * If you logged in with a CAC then enter your CAC pin [be sure CAC is in the card reader] * If you logged in with a GFDL password then enter the GFDLpassword [be sure CAC is NOT in the card reader] o If you incorrectly type in your CAC PIN 3 times in a row your CAC is locked out and you need to have your CAC PIN reset using a special machine. Ron Henne is the only authorized user. [the 3 times can occur during different sesions, on different machines. If you are afraid you are about to be locked out open a Rose server session using the "-r scard" option -- then login using your CAC PIN. You can access the Rose by terminating a login session, removing your CAC card from the reading, and logging in using your GFDL password -- then use "-r scard". o If you incorrectly type in your GFDL password 3 times in a row your account GFDL account is locked out and must be reset (contact OPS). o Currently the MACs are not CAC enabled -- use your NOAA password [9/29/2014] o To access the Rose server using a CAC card reader: * Example for which GFDL password is appropriate: winmgrs rdesktop rose -r scard -a 24 -g 1280x1024 & These do not employ a CAC card reader: * Examples for which NOAA password is appropriate: winmgr rdesktop rose -a 24 -g 1280x1024 & winmgrmac rdesktop rose -a 24 -g 90% & o Active directory: centrify way of account verification -- it supercedes ldap. * adinfo, adquesry & dzinfo provide information. adquery user jrl -A * adinfo indicates whether the machine is connected to active directory; if it gets disconnected then it can still verify if the info is cached; it the cache is wiped then the users gets disconnected. * I have 3 accounts: CAC (with # on back of my CAC card), jrl and John.Lanzante *** THESE MORE RESTRICTIVE RULES DO NOT APPLY *** o Active Directory Passwords 1. At least 1 Upper Case Letter 2. At least 1 Lower Case Letter 3. At least 1 Number 4. At least 1 Symbol (can't be first character) 5. Rules 1-4 must be within the first 8 characters 6. Must be 12 or more characters 7. No dictionary words 8. Do not use initials, usernames, or domain names (NOAA, GFDL, etc.) 9. Do not create with CAPS lock on =============================================================================== Gitlab =============================================================================== Created Jun 24, 2028: glpat-z7Tzpu-b_AJW5CndSU5p https://gitlab.gfdl.noaa.gov/-/user_settings/personal_access_tokens =============================================================================== Employee Personel Page (EPP) =============================================================================== ------------------------------------------------------------------------------- Current EPP Credentials ------------------------------------------------------------------------------- o Current passwd: prez = 1 spec = * numb = 0 o Username: John.Lanzante o EPP Site: https://www.nfc.usda.gov/epps/index.aspx ------------------------------------------------------------------------------- Constructing EPP Password ------------------------------------------------------------------------------- o My new scheme * 12 character password with the 1st 10 being a president * Cycle through presidents in order * If a president has less than 10 characters I repeat the name * Do not use a repeated name of a president * Use the 10 characters in reverse order, capitalizing the first letter * 11th character is a special character (see above) * 12th character is a number (see above) o An example President is Dixon dixondixon Noxidnoxid*0 ----------|| | || prez spec numb o Linux to reverse 10 characters "echo dixondixon | rev" yields: noxidnoxid o Ordered list of presidents 1 Washington 2 Adams 3 Jefferson 4 Madison 5 Monroe 6 Adams **NG** 7 Jackson 8 Van Buren 9 Harrison 10 Tyler 11 Polk 12 Taylor 13 Fillmore 14 Pierce 15 Buchanan 16 Lincoln 17 Johnson 18 Grant 19 Hayes 20 Garfield 21 Arthur 22 Cleveland 23 Harrison 24 Cleveland **NG** 25 McKinley 26 Roosevelt 27 Taft 28 Wilson 29 Harding 30 Coolidge 31 Hoover 32 Roosevelt **NG** 33 Truman 34 Eisenhower 35 Kennedy 36 Johnson **NG** 37 Nixon 38 Ford 39 Carter 40 Reagan 41 Bush 42 Clinton 43 Bush **NG** 44 Obama 45 Trump 46 Biden ------------------------------------------------------------------------------- *** Resetting EPP Password *** ------------------------------------------------------------------------------- o Navigate to the EPP login page and select "Sign in with EPP Account." o Click the "Forgot Your Password?" link from the EPP login page. o Provide your user ID and date of birth and click "Submit." o Complete the two-step authentication verification. o Select the email you wish to send reset instructions to & click "Continue." o A confirmation message will display, read and click "Continue". Check your email for the reset password email with instructions. o Click on the link in the email which will take you to the "Reset Your Password" page. o Enter your user ID and click "Submit." o Enter your new password into the fields on the "Please reset your password" page and click "Reset Password." These instructions come from: https://enterpriseservices.servicenowservices.com/esc?sys_kb_id=87864ff41b37245020ee63dbe54bcbf5&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=16e897e61bdf341020ee63dbe54bcbd9 ------------------------------------------------------------------------------- Password Restrictions ------------------------------------------------------------------------------- o Must be 12 to 16 characters, o Must contain at least 1 character from the 4 following categories: * English upper case letters (A-Z) * English lower case letters (a-z) * Westernized Arabic numerals (0-9) * Special characters limited to: ! # $ % * _ + o Cannot contain your first name, last name, User ID, or Ssn, o Cannot match your current or 24 prior passwords. o At least 5 characters must be changed. o JRL: I found that just moving around blocks of characters fails Restrictions make it much more difficult to just change a few characters ------------------------------------------------------------------------------- Security Questions - May No Longer Be Valid? ------------------------------------------------------------------------------- 1. What year did you graduate High School 2. What year was your father born 3. What year was your mother born 4. What is the street number of the house you grew up in 5. What street did you live on in third grade 6. What school did you attend for sixth grade ===============================================================================