Body
https://appsprod.tamuc.edu/PasswordReset/Default.aspx
Please note that some of the images may show wording from an earlier version of this application.
User Validation: Step 1
User must select a tab at the top (Student or Faculty/Staff) and fill in all four fields and check the “I’m not a robot” check box and complete the Google Recaptcha that pops up as shown below.
I’m not a robot
Clicking in the “I’m not a robot” checkbox may bring up a Google service that verifies the user is a person by asking them to select several items based on selection criteria. The images and criteria are different each time.
After completing the form, clicking the Submit button completes the first phase of user validation. If the user is not recognized, they will see this message:
User Validation: Step 2
After the system validates the user exists (first phase), it then will request additional information from the user to verify they are who they say they are. This is the same process that the HelpDesk goes through verbally with a caller. There are three possibilities: cell phone, email, SSN.
Cell Phone
If the system sees that the user has a cell phone on their account, it asks for their cell phone number.
The user must enter the same cell phone number that is associated with the account.
If the number is not the same, they will see this error message:
Personal Email
If the system sees that the user does not have a cell phone on their account but does have a personal (non-TAMUC) email, it asks for the personal email address.
The user must enter the same personal email address that is associated with the account.
If the email is not the same, they will see this error message:
Last Four of SSN
If the system sees that the user does not have a cell phone on their and does not have a personal (non-TAMUC) email, but the user does have an SSN on their account, the tool asks for the last four digits of the SSN.
The user must enter the last four digits of the SSN that is associated with the account.
If the last four of the SSN does not match, they will see this error message:
Change The Password
The Unique Password Reset Link
If the user successfully completes the second phase of the validation and they user had a cell phone or personal email address, a custom link will be sent to the cell phone or to their personal email. And then the user will see a message like this.
If the user does not have a cell phone or email, but did verify the SSN, they will be taken directly to the reset page shown later.
The custom link has a lifetime of 30 minutes (this is configurable at the server). If the user tries to use the link after it has expired, they will be required to start the reset process over again.
Examples of the text message and email with the custom reset link.
Using the Reset Link
Clicking on the custom reset link on a cell phone or within an email will take the user to this page.
The user will be asked to re-enter their CWID (or AD Login if it was a Faulty/Staff) and then to choose a new password and confirm it. Clicking the “eye” icon will make the passwords visible (instead of just dots). Clicking it again will hide the passwords.
If the user enters credentials that do not match the ones used to create the custom link, an error message will be displayed.
The user enters a new password and “confirm” password. When the “Change Password” button is clicked, if the passwords do not match, this error message will be displayed.
If the new password does not match the AD rules for passwords, the user will see an error message telling them the password chosen violates the password rules.
Passwords must meet a set of criteria to be accepted. Those rules can be seen by clicking the “Show Password Rules” button on the top of the form – the results are shown below.
If the new password meets the all rules, the user will see this message after clicking the “Change Password” button.
If the user was verified using the last four digits of the SSN, the user will be taken directly to this form (no custom link) and will be asked to select a new password. The “Show Password Rules” and error checking is identical on this form as on the custom reset link form.