My Password

Owned by Carrie Warner (Unlicensed)
Last updated: Dec 01, 2020 by Jonathan Schmale
3 min read

Every person who needs access to Chameleon has a user account and credentials, including a User Name and Password. See https://bannisterlake.atlassian.net/wiki/spaces/ST/pages/1654292481 to set other preferences.

When you are signed into Chameleon, you can manage your own password and review logs of all of your activity in the system. 

Passwords are NOT set in Chameleon if the user is configured to use either of

  • LDAP (Active Directory) authentication

  • Google Login

Change My Password

You can change your Chameleon password at any time using the System Tools > My Password option.

This only applies if you are using the default username and password authentication and not LDAP or Google.

  1. Enter a new Password in the field.

  2. Confirm the password by entering it again.

  3. Click the Update Password button. The next time you sign in to Chameleon, use your new password. 

Your system is only as secure as the passwords for your user accounts. It is highly recommended that you use strong passwords for all Chameleon user accounts. The strongest passwords include a long combination of letters, numbers, uppercase, lowercase, symbols, and other special characters that haven’t been used as a password before.

Forgotten Password

In the event you have forgotten your password a System Administrator can create a new password for you from within Chameleon. You can then login with that new password and change it to one only you know.

From within System Tools - Users, the System Administrator should edit the user who needs the password change.

Once the Edit User dialog is open, near the bottom they can change the User Password and Confirm it. Press the Save Now button to confirm the password change.

Bannister Lake support can not retrieve a forgotten or lost password. However your System Administrator can reset a password for you.

Common Password Checking

Flow includes a list of 1,000,000 common passwords. It checks the password you enter as you type to see if it matches any in that list. If it does you get a warning.

Example: "Warning: This is a common password."

Data Breach Checking - HIBP

A second layer of password checking can also occur when you save your password. The password will be checked against a database on known breaches provided by a well known service: https://haveibeenpwned.com/Passwords

Your password is not sent to the service. Instead your password is protected by the process that requests possible matches from the service which are then checked against your password.

If your password is found it will give you a warning to encourage you to choose a new password.

Example: "PLEASE NOTE: Your password has been seen 43,442 times in public data breaches. You may wish to consider using a unique password."

Passwords > Enable Checking Breaches