Self Service Password Reset (SSPR)

Self Service Password Reset (SSPR) is a tool provided by Microsoft that allow you to recover a user account that is currently inaccessible.  The two situations in which an account can be recovered is when you need to reset your password and/or your account has been locked due to a password conflict such as entering an incorrect password too many times.

Choosing a Secure Password/Passphrase

Use a set of words rather than a single word.  Start by picking two or three words. A good passphrase –

  • Should be 12 characters or more, the longer the better.
  • Should include a combination of mixed case letters, numbers, and special characters.
  • Should not be reused with any other account.
  • Should not include any of the user’s personal information like their address or phone number.
  • Should not include any information that can be accessed on social media like kids’ or pets’ names.
  • Should not  contain any consecutive letters or numbers.
  • Should not be the word “password” or the same letter or number repeated.

The words should not normally be associated together.  “March madness”, “four scores”, “yellow submarine”, or “I love you” would NOT be good choices since they would likely be included in a list of passwords an attacker would try.

Once you have a few words, add special characters or numbers at the start, end or in between the words to satisfy the complexity rule.

Choosing a good passphrase can make a difference, listed below are some example of passphrases and the time it would take to crack it.  Please don’t reuse any of these examples as actual passphrases on your accounts.

  • pizza6Handle – estimated time to crack this password is 2000 years
  • 3purplePANDAS – 100,000 years
  • 9-upper-VOLUME – 2,000,000 years
  • Boy,skateboard4 – 33,000,000,000 years

In comparison, it would take about 12 hours to crack any random complex eight character password.

 

Reset your password or unlock your account

Before you are able to use SSPR to recover your account you will need to begin by registering the Microsoft Authenticator app and/or your phone number.  For registering please go here. Once you are registered for SSPR you can now use it to reset your password or to unlock your account.  To do so follow the steps below.

  1. Open the web browser on your device and navigate to https://passwordreset.microsoftonline.com. You can also use the “Password Reset” link in the Desktop Application Launcher.

  1. Use your Mount Sinai or School of Medicine email address as your username to log in. If you only have a username please enter it followed by @mountsinai.org or @mssm.edu.  Example:  joed01@mountsinai.org.

  1. You will also be presented with a picture and asked to enter those characters in order to proceed.

  1. You will be presented with the options to either reset your password by selecting “I forgot my password”. Or to unlock your account by selecting “I know my password, but still can’t sign in”.

  1. You will be presented with the verification options that you registered. You will only need to use one.
    • Enter a code from my authenticator app – enter the one-time password code from Microsoft Authenticator application.
    • Text my mobile phone – You will need to enter the phone number that is registered and 6-digit code will be sent for verification.
    • Call my mobile phone – You will get a call from Microsoft to approve your password change.

  1. Once you complete the verification steps you will be asked to enter your new password twice. Click Finish to complete the reset.
  2. If you selected “I know my password, but still can’t sign in,” you will go through the same verification steps as above to unlock your network account.