Information Technology

Password Management Web Tool Documentation

Using the UMass Boston Self-Service Password Management system allows you to change your password or reset a forgotten one via the web at this address:

https://spmt.umb.edu/

Following is a brief guide to using this new system. Answers to some frequently-asked questions about the system are also available.

Using the System

1. Setting Up a Profile

The first thing you should do is set up your profile so that you will be able to use security questions you choose to reset your password if you forget it in the future. To begin, go https://spmt.umb.edu/ and click “Edit my Profile.”

Log in by entering your UMB user name (without @umb.edu — e.g. sandy.beach001) and your known password. (Note: you must press the “Logon” button. Typing your password and hitting “Enter” will not work.)

Once you have logged in, you will be asked to provide an answer to the security questions as well as a question you write yourself. This way, if you forget your password in the future, you will be able to recover it.

We suggest a short, simple question, like “Where was our 2001 vacation?” or “What is dad’s car?” Don’t use something anyone might guess, like “Where do I live?”

Choose your questions and answers and click "Update." Once you do this, your profile is set up.

2. Changing Your Password

After you have set up your profile, you can change your password to a different one by clicking the “Change my password” link. Once you click this link, you will be prompted for your user name (again, without @umb.edu) and your current password. You will then be brought to the “Set your new password” page.

On this page you have the option of having the site generate a password for you by clicking the “Generate Password” button. If you like the password the site has generated, click “Change Password” and you’re done. You can also create your own password. To do this, click the circle next to “Enter” and type your password into both the “Password” and “Confirm” fields and click the “Change Password” button. and your password will be changed. If you receive an error, make sure your password is the same in the two fields and that your password meets our minimum standards:

1) Passwords must have a minimum length of eight (8) characters

2) Passwords must include at least 3 out of 4 of the following:

  • At least 1 upper-case character
  • At least 1 lower-case character
  • At least 1 special character (&, *, $, etc.)
  • At least 1 numeric character

3) Passwords cannot contain all or part of your email address

4) Passwords will expire after 180 days

5) Passwords cannot be re-used

3. Resetting a Forgotten Password

If you have forgotten your password and have set up your profile, you can reset it yourself using the “Reset my Password” link from the main page. You will first be asked for your user name. (Do not include the @umb.edu.)

You will then have to answer the three security questions that you set up when you created your profile. You have to answer all of the questions correctly before you will be able to reset your password.

Once you answer the three security questions correctly, you will be able create a new password and log on to your account.

Frequently-Asked Questions

Following are some frequently asked questions about this new system.

If I need to change my password, can I do it myself?

Yes! Our new Self-Service Password Management system allows you to do this via the web at this address: https://spmt.umb.edu/

Can I reset my password before I have edited my profile?

No. Resetting your password requires you to answer the security questions in your profile, so setting up your profile is the first thing you should do. For help with this, see our “Getting Started” guide.

When entering my user name, do I include “@umb.edu”?

No, just enter the part before the @ sign. Be careful, because the system does not note anywhere that you cannot use @umb.edu and you will be locked out if you try to log on with it three times. (The system will work with compservdom\ in front your user name, but it is not required.)

What are the password requirements? Where can I find them on the password reset/change page?

The password reset rules are listed on the main page. They are as follows:

1) Passwords must have a minimum length of eight (8) characters

2) Passwords must include at least 3 out of 4 of the following:

  • At least 1 upper-case character
  • At least 1 lower-case character
  • At least 1 special character (&, *, $, etc.)
  • At least 1 numeric character

3) Passwords cannot contain all or part of your email address

4) Passwords will expire after 180 days

5) Passwords cannot be re-used
   
If your new password fails to meet these requirements, you will get a page telling you what rules you did not meet. Note: These password guidelines are only displayed on the front page, so make a note of them. Otherwise you will only see them when they are not met.

Here are some passwords that will fail and the reason:

  • umb.edu 15 — Contains part of your email address
  • massachusetts25 — Does not contain enough types of characters (only lowercase and numbers)
  • Joe99 — Is not long enough

What is an example of a good password?

A good password is one you will remember but no one else will be able to guess.

The ideal password would be some long combination of random characters, like 9cf%G84#Ws!5, but of course no one would remember this and would be forced to write it down, making it less secure. Pick a password that means something to you and you can remember, like your parents’ initials and their marriage date (e.g. JKS+MJJ=1955) or a string of characters representing a sentence, like Mfbi20,000LUtS for "My favorite book is 20,000 Leagues Under the Sea." Do not choose a password that someone is likely to guess, and above all do not share your password with others! Some other tips and ideas can be found here:

http://www.makeuseof.com/tag/create-strong-password-forget/

This web site also has links to The Password Meter, where you can test the strength of your password, and several sites that will generate strong, random passwords for you.

I tried to right click and paste my user name into the user name box but was unable do so. Why is this?

You cannot right click to copy or paste on any of the pages in this system. The right click function is disabled on the page for security reasons. However, you can use Control-C and Control-V (Command-C and Command-V on the Mac) to copy and paste.

I entered my user name and password but when I hit enter nothing happens. I tabbed down to “change my password” and hit enter but this did not work ether. Am I doing something wrong?

You cannot enter information using the enter button on the change password page. (You can, however, do this to edit your profile security questions, so be careful!) Also, on the change password page, you cannot use tab to move down from the “generate password” button to the “enter password” button.

I committed two errors when trying to change my password but then I was able to get it correct. Then when trying to edit my profile I committed another error and now I am locked out. Why is this and how long will I be locked out?

The retry limit for failures is three, and unfortunately, the count is not reset when you log in successfully, so a third error will lock you out. If this happens, you will not be able to use the system for five minutes. Errors carry over from window to window and are not limited to your password — if you enter your user name wrong three times, you will be unable to use the system for five minutes. (The only exception to this is when you are actually on the password reset page and you are entering a new password.)

I tried to log on to my account and was told that “You have exceeded the retry limit. Access denied” only after one attempt.  How do I fix this?

The system will block your computer from using the system (based on your IP address) after three failed log-in attempts. The attempts do not have to be consecutive and will carry over. For security reasons, your computer will be blocked from accessing this site for the next five minutes.

I was trying to change my password when I got the error message “Exception from HRESULT: 0x8007202F.” What does this mean?

It usually means your password is too similar to an older password. For instance, if your old password was “Massachusetts 10” and you try to change it to “Massachusetts 11,” this error message will be displayed. However, it will not tell that the passwords are too similar. The solution is to choose another password.