Forgotten Passwords

Question:  How do I recover a forgotten password?

Answer:    We do not have the ability to retrieve a forgotten password.  If you feel you have entered the correct password but the system still does not recognize the password it might be for one of the following reasons:

  • The account name was mistyped.  The account name is a maximum of 8 characters.  Typically your first initial, middle initial and the first six characters of your last name.  Do not add the "@colby.edu", this is not part of the account name. You will get a complaint similar to "account does not exist" from the software.
  • When typing your password make sure you have the correct upper / lower case and special characters.  Passwords are case sensitive.
  •  The account exists, but has been locked out by ITS. In this case, the password is still there and valid -- you just can't use the account. ITS will lock out accounts because of a virus or because of security reasons if the user has ignored our repeated requests to get the workstation off the network and cleaned up.  This is done only as a last resort. Contact the Faculty Staff Support Center (support@colby.edu) or Student Computer Services (scshelp@colby.edu) for further information.
  •  The account exists and is valid, but the password is invalid. In this case, the password was never initially set for the account or the password has been invalidated by ITS for security reasons. If you previously had a password and get the "password invalid" message, then continue reading to find out how to get a new password.

User name and password hints:

  •  Your username is eight characters or less, all lowercase. If your name is John C. Smith, then your userid is likely something like "jcsmith". It is not "jcsmith@colby.edu"; that is your email address.
  •  Your password is case-sensitive and must have met the following requirements: (a) a minimum of eight characters, (b) one or more punctuation characters, (c) The non-punctuation characters cannot be a word in a dictionary, or any part of your name. 
  •  Since passwords are case-sensitive, check that you haven't accidently gotten the "caps lock" key mashed down, thereby giving upper-case characters

Still need help?

If you are off-campus (especially if you are abroad), send email to either the Faculty Staff Support Center at (support@colby.edu) or to Student Computer Services (scshelp@colby.edu) telling them that you are having authentication problems. Please tell them (a) what service or machine you tried to authenticate to, eg the Web page URL; (b) what error message you got, if any; (c) where you are physically; (d) where you are on the Internet (domain name and/or IP number), if you know.  This information will help us troubleshoot your particular problem.

• Do not send passwords via email. Do not ask ITS staff to send you a password via email. If you do email anyone in ITS your password, your password will be invalidated -- insuring that you are locked out. ITS will not use email to transmit passwords because email is not secure.

If it gets to the point where you really do need to set a new password, please come to ITS ( Lovejoy 101 or Lovejoy 105). Please bring a photo ID, so we can verify who you are. If you are at a remote location and cannot come to Lovejoy,  Please call 207-859-4204 or  207-859-4206 and set up a time for which you can work with someone to set your password.   We will ask you questions until we are convinced that we are talking to the actual owner of the account, since you cannot show a photo ID by phone. To repeat -- ITS will NOT set a password by email.

Why can't  ITS simply look up your forgotten password and give it to you? Because passwords are one-way encrypted. Even ITS has no access to your password. How does the process of authentication work with one-way encryption? The encryption process guarantees that (a) a given password will always generate the same unique encrypted string, and (b) no process can be applied to the encrypted string that will divulge the original password.

The piece of information about your password that is stored in the computer is the encrypted string, not the original password. When you authenticate, you type in the password, it is encrypted, and the result is compared to the encrypted string saved for your account. If they match, then you entered the correct password and you are in. If they don't match, then you are denied access. To add a level of security, the file(s) containing the encrypted strings are themselves encrypted, so that administrators don't have access to the information either.