Periodic change of GASPAR password

ISGOV-ITSEC

Welcome to the page dedicated to the periodic change of the GASPAR password. Here you will find all the necessary resources to complete this operation.

Foreword

  • Why do I have to change my GASPAR password now?
  • How will it be implemented?
  • What should I do to avoid problems in accessing IT resources needed for my work or studies?

How to change your GASPAR password

  • WARNING
  • How to proceed

Adapting common applications after changing the password

  1. Email clients (Outlook, Apple Mail, Thunderbird)
  2. WiFi
    • Windows
    • MacOS and iOS
    • Linux (Ubuntu)
    • Android
  3. VPN
  4. PocketCampus
  5. Jabber
  6. myPrint
    • Windows and Mac – link to domain
    • Windows – standalone
    • Mac – standalone
  7. Zoom
  8. Network shares
  9. Google Authenticator

Foreword

The EPFL information system is subject to an ever-increasing number of attacks, particularly via email. Most of the time, the vector is a fraudulent message instructing you to click on a link urgently, while warning you of dire consequences if you do not act. Unfortunately, we have seen a marked increase in GASPAR account compromises over the past few months, which is why the Information Systems IT Security Committee has decided to enforce a password change for all GASPAR accounts whose password has not been changed for more than 6 months.

It is important to note that this measure will be lifted as soon as the technical and organisational conditions allow the introduction of two-factor authentication (2FA) for access to EPFL’s email system. Indeed, even if the GASPAR password is compromised, access will not be possible without the second authentication factor (the 6-digit code already used for VPN access), making it unnecessary to change the password.

Everyone who is required to change his or her password will receive an email indicating that the GASPAR password must be changed within 3 weeks. One week before the deadline, an automatic reminder is sent if the password has not yet been changed.

If the change has not been made by the 3-week deadline, the password change is enforced: as soon as the user reaches a service that requires a GASPAR login, they are redirected to the portal and must change the password there.

All those concerned by the password change will be notified 3 weeks in advance, so you will have more than enough time to make the change without any concern. As we indicated in the email announcing the change, there are a few things that need to be done to ensure that the change goes smoothly, so please follow the guide below.


How to change your GASPAR password

  • WARNING

It is strongly advised to quit all your applications before changing your password (Email client, Jabber, Zoom, network shares, etc.) and to keep only your browser open. If possible, make the change on campus, using a wired connection.

  • How to proceed

When you receive the message asking you to change your GASPAR password within three weeks, go to the following page: https://gaspar.epfl.ch/ and click “login” (bottom left).
After that, simply select “Change password”:

You will see the following page: you just have to enter your new password.


Adapting common applications after changing the password

  1. Email clients (Outlook, Apple Mail, Thunderbird)

If not already done, close your email client and launch it again. In most cases, a prompt will show up, asking you to update your password (the alert may be different depending on your operating system and application): simply enter your new password.

  2. WiFi

Turn your WiFi connection off and try to reconnect to the ‘epfl’ network.

  • Windows

Recent versions (Windows 11 and Windows 10 21H[1-2]) will immediately ask you for your new password: you just have to enter your new GASPAR password.

In some cases, Windows will tell you that it is not possible to connect to the EPFL network. You then have to ‘forget’ the network (left click on the Network icon in the Windows taskbar, then right click on the EPFL network – “forget”) and possibly reconfigure the WiFi access (documentation here).

  • MacOS and iOS

The system will immediately prompt you for the new password, whether you are using profiles or not:

  • Linux (Ubuntu)

You have to change the password in the WiFi management interface:

  • Android

You have to reconfigure the WiFi access, following the procedure here.

  3. VPN

The next time you connect to the VPN, you simply need to enter your new GASPAR password. No changes are required.

  4. PocketCampus

The PocketCampus application detects that your password has changed and that you need to update your login information:

  5. Jabber

When you launch Jabber after changing your GASPAR password, the application prompts you to update your password:

  6. myPrint

Only the most common cases are listed here, as there are many variations in the installation of drivers and their versions.

  • Windows and Mac – link to domain

The GASPAR password change is synchronised with Active Directory, so no intervention is required.

  • Windows – standalone 

Depending on the type of installation of the print queues, you will have to make changes: all cases are listed here.

  • Mac – standalone

Please note that changing the password can be tricky depending on the configuration of print queues: visit this page (“In case of authentication problem”) after having determined your configuration here.

  7. Zoom

The next time you log in to the Zoom service, simply enter your new GASPAR password (through Tequila). No changes are required.

  8. Network shares

The remote system will ask you for your new login details: simply enter your new GASPAR password.

Alternatively, you can use Windows Credential Manager and change your password for the various services directly in the interface.

Open Control Panel and click Credential Manager:

All you have to do is change your credentials:

  9. Google Authenticator

In some cases (forced password change after several reminders), strong authentication will be automatically reset to “init” status.
If you attempt to connect, you will receive the following message:

You will therefore need to delete the key present in your Google Authenticator app, and configure it again by following the procedure for activating strong authentication.

If you have a physical token, you will need to contact 1234 or open a ticket in the SI_AUTHENTIFICATION_FORTE queue to reactivate the token in question.