Differences

This shows you the differences between two versions of the page.

en:onboarding [2025/02/16 15:02] – [Your own system] Webmaster VitaNetworks
en:onboarding [2025/10/29 20:24] (current) – [Setting a new password / Unlocking your account] Webmaster VitaNetworks
Line 15: Line 15:
 ===== Password requirements: length ===== ===== Password requirements: length =====
  
-//How long?// It's best you don't know for sure, at least for the time being. It's recommended to choose a passphrase rather than a password i.e. a sentence. It will be long enough and easier to type. Though your password can include spaces, it's best you avoid them because the support for spaces in passwords varies across apps.+//How long?// It's best you don't know for sure, at least for the time being. It's recommended to choose a passphrase rather than a password i.e. a sentence. It will be long enough and easier to type. Although the directory service accepts spaces in passwords, it's best to avoid them as application support varies from one app to the next.
  
-//Across apps? What do you mean?//+//One app to the next? What do you mean?//
  
 ===== The Directory Service ===== ===== The Directory Service =====
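Review bot: The rewritten "How long?" paragraph recommends a passphrase, "i.e. a sentence", and two sentences later advises avoiding spaces, without saying how the words of that sentence should then be joined. Add a clause on what to do instead (for example, run the words together or separate them with a character every app accepts), so the reader does not fall back to a short single word. As a style point, "i.e. a sentence" reads better set off with commas: "rather than a password, i.e. a sentence".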
Line 23: Line 23:
 The account we're talking about is commonly known as a domain account, or a directory [service] account. A directory service is a form of database but tuned specifically to store user credentials. Various services (or "apps") use the directory to get the user base that will be allowed to access the service. Directory accounts let you share data between apps and use a single username across all services/apps The account we're talking about is commonly known as a domain account, or a directory [service] account. A directory service is a form of database but tuned specifically to store user credentials. Various services (or "apps") use the directory to get the user base that will be allowed to access the service. Directory accounts let you share data between apps and use a single username across all services/apps
  
 +They're not just a name or address, they are long random identifiers that are rarely ever seen, even by administrators. Because of this, it's not possible to recover the data of a certain username by simply recreating it. In addition to that, accounts store cryptographic keys that are impossible to reproduce, and each app can further associate random data of the account to create their own unique identifier.
 ===== Setting a new password / Unlocking your account ===== ===== Setting a new password / Unlocking your account =====
  
 As mentioned, you're account is locked while it has temporary credentials so you will not be allowed to continue until you set permanent credentials. Most apps and services will inform you about this or fail silently but a few highly secure apps that are allowed to write to the directory will offer you the chance to change your password in the spot. We'll go briefly over a few of them; please note that there are many others not listed here. Whatever works for you is fine. As mentioned, you're account is locked while it has temporary credentials so you will not be allowed to continue until you set permanent credentials. Most apps and services will inform you about this or fail silently but a few highly secure apps that are allowed to write to the directory will offer you the chance to change your password in the spot. We'll go briefly over a few of them; please note that there are many others not listed here. Whatever works for you is fine.
 +
 +==== About passwords' storage ====
 +
 +Let's review quickly what it a hash because it's needed: simply put is a very complex mathematical operation that's considered a one-way operation: it's irreversible. Other characteristics of them are that they always result in the same length, regardless of input and it only takes one character it doesn't matter if it's near the beginning, middle or end of it to output a completely different string.
 +
 +As it's best practice and the default in Active Directory, passwords are never stored in the directory, what is stored is the hash of the chosen password, this is created through the means used to set it. When authenticating this is done again thus another hash is created which is much easier to process. If it matches the directory's, the user is granted access.
 +
 +It's impossible to obtain a forgotten or lost password, it's only possible to change it. The directory does keep a history of hashes, but it doesn't always enforce not to reuse them of if it does, how far it should go.
 +
  
 ==== Antipostal.com Webmail ==== ==== Antipostal.com Webmail ====
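Review bot: In the added "About passwords' storage" section, the sentence "When authenticating this is done again thus another hash is created which is much easier to process" does not say what is easier to process, or easier than what; state plainly that the password entered at login is hashed the same way and the result is compared with the stored hash. In the same section, "what it a hash" should read "what a hash is", "it only takes one character" should say that changing one character is what produces a completely different output, and "of if it does" should be "or if it does". The added paragraph starting "They're not just a name or address" has no antecedent for "They", because the preceding paragraph ends on "services/apps"; open it with "Accounts are not just a name or address". The new subsection also lands between "We'll go briefly over a few of them" and the first app heading, so that sentence no longer leads into the list it announces; consider moving the subsection under "The Directory Service".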