Setting up and changing your password
Setting up your password
How it works
The password checking process never transfers passwords in plain text. We take a 5 character prefix of a user's hashed password then use the k-anonymity model to get a list of suffixes from the haveibeenpwned.com service. We compare the suffix of the user's hashed password with the equivalent suffixes of compromised passwords. If there is a match the password entered has been compromised and should not be used. We will alert users to this fact and ask them to enter a new password. All communications with the service are sent over TSL and we never send your password to any other user or service.
Why we do this
Password reuse is commonplace because it is easy, but it is extremely risky. Hackers use a technique called credential stuffing to enter known username/password combinations in other systems. The haveibeenpwned.com database contains over 500 million passwords used by these breached accounts. Using any of these puts your account at a much higher risk.
Guidance from the National Cybercrime Security Centre also promotes the blacklisting of the most common password choices.
You can also use haveibeenpwned.com to see if your email account has been compromised in a public data breach.
Recording device ID
We record the device ID, IP address, operating system, and browser of users when they login and store this against a user's account. We will then alert you via email if a new device is used. You can view a list of your devices in ‘My Account’ and ‘Devices’. Any unusual activity can be reported to your administrator or [email protected]
Resetting your password
If you have forgotten your password for IDS, click the ‘Forgot your password?' link on the login screen.
On the forgot password page, you will be instructed to type in your email address and click ‘continue’. If a matching account was found, then an email will be sent to your email address. Click the unique link in the email to input a new password.
Changing your password
You can change your password at any time via the ‘My Account’ tab. Go to ‘My Account details’ to change your password. Your new password must meet the criteria described above.