Changing a User’s Password

You can change users' passwords from within the administration interface. When a new password is created, EFT determines whether the password meets complexity and reuse requirements.

  • The change password function supports user principal and common names (AD/LDAP). That is, it supports UPN (e.g., jdoe@globalscape.com; looks like an email address) and CN (e.g., jdoe).

  • For high security-enabled Sites, you cannot manually create a password; the only option is to click Generate to create a unique, complex password.

  • If enabled, users can change their passwords in the Web Transfer Client, and the account management web page.

  • On AD/LDAP Sites, if you have enabled the "User must change password at next logon" feature in AD, you must enable (set to "on") the advanced property described in https://kb.globalscape.com/KnowledgebaseArticle10516.aspx. If you have enabled the "User cannot change password" feature in AD, users will not be able to change their passwords. LDAP over SSL is required to be enabled in order to effectively change your password via WTC.

  • If the administrator does not have Manage personal data permission, the password appears as dots.

To change a user's password

  1. In the administration interface, connect to EFT and click the Server tab.

  2. On the Server tab, click the user you want to configure.

  3. In the right pane, click the General tab.

  4. Click Change Password. The Change User Account Password dialog box appears.

  5. Do one of the following:

    • In the New password and Confirm password boxes, type and confirm the password. (Not available for high security-enabled Sites.)

    • Click Generate. A complex password is generated and entered in the New password and Confirm password boxes.

  6. Click the Password type list to specify a type from the following:

    • Standard - A plain text password is required.

    • Anonymous - Any password, including nothing, allows an anonymous connection. PCI DSS requirements state that you should not use group, shared, or generic accounts and passwords. To address this requirement, EFT hides the Anonymous password type for high security-enabled Sites anywhere that the password type is selectable, or if Enforce Strong Passwords is enabled.

  7. To email the user's password, type the email address and select the email login credentials check box. If the email address is configured in the User Details, the email Address box is completed automatically. If you type an invalid email address, an error message appears. (SMTP must be configured on EFT to email the user.)

    • Only administrator accounts with the Manage Personal Data permission can see and modify the email address.

  8. Click OK. The Change User Account Password dialog box closes and the email is sent, if configured.

  9. Click Apply to save the changes on EFT.