Documentation forWeb Help Desk

Migrate user passwords to FIPS 140-2 cryptography

On a pre-scheduled date, execute the database compliance tool in Web Help Desk using your administrator password to ensure that all client and tech account passwords are migrated to FIPS 140-2 cryptography. When completed, only the stored client and tech passwords using FIPS 140-2 cryptography are validated.

Prepare for the password migration

  1. Log on to Web Help Desk as an administrator.
  2. Click Setup and select General > Authentication.
  3. Scroll down to the Password Security Migration Tool window.
  4. Click Check Password Security.

    The tool scans all client and tech account passwords in your Web Help Desk database.

    If all clients and techs have logged in to Web Help Desk 12.4.0 or later before the scheduled date, a message displays stating that your database is now using strong cryptography and is FIPS 140-2 compliant.

    If one or more clients or techs have not logged in to Web Help Desk before the scheduled date, Web Help Desk lists the remaining number of client accounts and a list of tech accounts that require a password change. The report will include third-party integration accounts that will be migrated automatically without user intervention.

  5. Decide whether to invalidate all passwords in your database using the weaker cryptography.

    If you click No and do not invalidate all passwords, Web Help Desk will not erase any passwords from your database that are using weaker cryptography.

Execute the password migration

  1. Click Yes to invalidate all passwords.

    The following message displays:

    Are you sure you want to erase all passwords that are using weaker cryptography?
    Confirm by entering your Admin password below. 
  2. Enter your admin password in the appropriate field.
  3. Click Yes to invalidate all passwords.

    When completed, a message displays listing the reset client and tech passwords.

    All clients who did not update their passwords are forced to create a new password when they log in to Web Help Desk. Additionally, all future client and tech account passwords will be encrypted using FIPS 140-2 cryptography.

  4. Click Save.

    The migration is completed.

Notify all users that the migration is completed

All remaining users who did not change their passwords during the notification period must navigate to the Log In page and click Forgot Password to change their password and access Web Help Desk.