Career Account Password - "CAPW"
- ajmankey
There are several different sets of password credentials that Purdue users may have, but the career account password is by far the most frequently referenced.
Some other types of passwords are:
- Onboarding Password or the I-9 Password for the HR system
- Slate Admissions Portal password with the Office of Admissions
- myPurdueProxy credentials for parents with the Office of the Registrar
- Boilerkey Credentials, technically a 'passphrase' but it's used by everyone
- 'secure' admin credentials
- LADMIN password credentials used by CSDS
- DADMIN password credentials used by CSDS
- OUADMIN password credentials used by multiple departments
- AzureAD password credentials used by multiple departments
Career Account Password Requirements
There are multiple ways and tools that can be used to set a Career Account Password for a user, however, regardless of how the password is set, some systems won't accept certain values for the password.
NOTE: O365 will NOT accept a password that is OVER 16 characters in length, it will also not allow some special characters in certain spots of the password.
NOTE: PAL 3.0 sometimes enforces a 90 day password restriction, and will not allow some special characters.
NOTE: The Grad School Database & Plan of Study Generator both will now allow passwords older than 90 days to be used, a new one will need to be set.
NOTE: There are more restrictions, I don't remember them all right now.
When assisting a user in setting a password, we want to make SURE that it is a password that will work across all systems. The last thing we want is for a user to call right back, upset because the password they set with us didn't work.
To ensure the password that your user is setting works across ALL Purdue systems without issue, it must:
- Be 9-12 CHARACTERS in length
NOTE: 16 is fine for most systems, but there's one out there somewhere that won't accept over 12, but I can't remember which... - Contain at least 1 LOWERCASE LETTER
- Contain at least 1 UPPERCASE LETTER
- Contain at least 1 NUMBER
- Contain NO SPECIAL CHARACTERS
- Contain at least 4 'unique' characters.
Ex. 'Banana' would not work (ignoring the number requirement for a moment) - Not have been used in the last year
Ex. It will also reject passwords that are TOO SIMILAR to previously used ones - Not contain any part of their name
- Not contain 'common' words like 'Purdue' or 'Boiler' etc
ADDENDUM: For both PAL 3.0 and O365, punctuation characters MAY be acceptable in passwords, but other 'special' characters will still likely cause problems in these systems.
At a later point, they can choose to use a more exotic password, but when working with us, they should use a password with universal acceptance across all systems
Setting a new Career Account Password
There are multiple tools available to the CSC that can be used to set a new password for a user, each has pros & cons. Match your choice of tool to the task at hand, consider things like time, functionality, permissions, complexity, and difficulty for the user.
- The AccountSetupReset tool
- The ChangePassword tool
- The ResetPassword tool
- A temporaryPassword set by a CSC Specialist
- The change password tool accessed through Ctrl+Alt+Del on a Purdue supported and networked computer
A 'raw text' explanation of some of the issues with the Career Account Password system... in all it's glory, raw and uncooked...
Okay, "WHY don't the listed password requirements not match the 'actual' password requirements?"
So the pages where you set a career account password (AccountSetup, ChangePassword, ResetPassword, etc) and then the system that those plug into... it hasn't been caught up and updated fully in years.
Those 'webpages' aren't actual webpages, it's a computer program that's just 'pretending' to be a webpage. To change even a single word on one of those 'webpages' you would have to recompile and deploy the whole thing... even to change a single word... This costs time and money that the IAMO account team have not been able to get authorized, it's also 'low priority' in the grand scheme of things. Also, the programmer for this quit in the middle of the pandemic, so it will be a long while before someone gets up to speed on it enough to fix/replace it.
This is how almost all the IAMO webpages/tools are set up, one giant program... that's why it's such an impossibility to get them to change/update something...
So in the time SINCE this system was last updated, Purdue has added Boilerkey, the BoilerAD domain, the AzureAD domain, and also we've switched over to using O365 for email service.
MOST of the problems that we're going to see with a password that is 'accepted' by the password tool, but fails when it gets to O365...
But 'Why doesn't it tell me it failed to sync when I set a password?'
First off, the password tools haven't been updated, so they don't have the functionality to even REALIZE the password has failed to sync across all systems...
Even if it DID though, there's a time lag...
When you set a Career Account Password (CAPW) on one of these tools,
it syncs that password out to the BoilerAD domain...
from there, the password gets sync'd to the existing OnePurdue domain...
from there it gets sync'd to the PED (Purdue Electronic Directory) which then it turn...
syncs to AzureAD... which is what ACUTALLY does the password authentication for O365 email and such...
This process can take 1 minute... or 30+ on a good day... a bad day... it may never sync...
SO... if the password carries all the way through, but then fails due to:
- length over 16 characters (which gets truncated)
some illegal character (just fails outright)
or just fails...
Not only is there no way for it to get a message back to the webpage tool you were using, it may not get there for 30 minutes... or more....