Dear students, staff, and employees:
This manual gives a simplified explanation of how students, University staff, and employees can retrieve a lost password on the following systems, so that they can log in to their accounts and update their personal contact information (alternate email, mobile number, and reminder question). Having this information registered guarantees immediate recovery of a forgotten password and allows the password to be changed at any time without having to come to the University.
- Students 'academic services systems' HTTP://ODUS.KAU.EDU.SA/STUDENTS
- Professors 'academic services systems' HTTP://ODUS.KAU.EDU.SA/EMP
- Students 'email system' HTTP://MAIL.STU.KAU.EDU.SA
We will take the students' "academic services systems", also known as "On Demand University Services" or "ODUS", as an example.
- Enter the student number as your username in the field titled “Student Number”.
- Enter the password. It may also be called the “secret number” or "secret word"; all these names refer to the same thing. Some people choose a password composed of characters only, of numeric digits only, or of both; using both is best, because it makes the password difficult for strangers and hackers to guess, and the password is your key to critical and sensitive systems. The principles of creating strong, easy-to-remember passwords are illustrated later.
- Press the login button.
If both your username and password are correct, the system will allow you to enter your page.
If either one or both are incorrect, you will not be permitted to enter the system, and it will display an error message stating that there is a mistake in either the username or the password; see picture:
It is unlikely that the "username" is mistyped, because it is the student number, which is usually memorized or written on the University card; errors in the password are more common.
Therefore we need to be careful when entering our username and password, and to observe the points in the next paragraph.
Rules to enter the user name and the password:
- Type on the keyboard and do not copy and paste, to avoid copying trailing spaces or invisible characters.
- Pay attention to letter case (capital - small).
- Pay attention to the input language (English - Arabic).
If we apply the previous rules and still cannot enter the system, then we are using a wrong password and need to reset it.
It is worth making clear here that the previous password cannot be restored. Instead, a new password is created, either by the user or by the system depending on the case, as discussed later in the paragraph explaining the ways to retrieve a lost password, titled “Instant Password Recovery Methods”.
Password Recovery System
HTTP://LOGIN.KAU.EDU.SA/PASSWORDRECOVERY.ASPX
It is a new system that has been specially programmed to allow all users to retrieve a lost password from anywhere in the world without having to come to campus. The system's ability to achieve this depends on adequate information about each user being available in it: any user who has the required information recorded in the system can easily set a new password immediately, and vice versa!
The most important pieces of information that enable the user to recover his password immediately are as follows:
Required data for password instant recovery:
- The alternate e-mail (Non-University Email).
- Mobile number.
- Reminder question.
The existence of any of these three kinds of data in the system’s database will enable the user to immediately recover his password using one of the following methods:
Instant Password Recovery Methods:
- Automatic creation of a new password, which is sent to your registered alternate email.
- Automatic creation of a new password, which is sent to the registered mobile number.
- Or allowing the user to choose the password himself after he succeeds in answering the registered reminder question.
Hence the importance of completing all the required data for password instant recovery: it eases password recovery and other matters that are not explained further here. Now let us explain the steps needed for recovering a lost password using the Password Recovery System:
When you press the button titled “Press here to restore password”, or when you navigate directly to the following URL:
HTTP://LOGIN.KAU.EDU.SA/PASSWORDRECOVERY.ASPX
You will see the initial screen of the “Password Recovery System” as in the following picture:
Note that on this initial screen you are only required to enter your username, which is your University number, so you can use this page to test whether your username is valid. For example, if you did not apply the rules in the preceding paragraph titled "Rules to enter the user name and the password", your username may not be recognized by the system and may be considered non-existent!
Suppose that you have entered your username correctly and it has been accepted by the system, which means that this University number is registered in the system. Your ability to retrieve your password instantly online then depends on the availability of your personal contact information in the system; this data is listed above in the paragraph titled “Required data for password instant recovery”.
If your personal contact information is registered in the system, the system will show you a page listing the methods that you can use to recover your lost password. Which methods are available depends on your previously registered information (see the paragraph above titled “Instant Password Recovery Methods”); choose the one that suits you. There are three methods: the first is to send the password to your registered alternate email address; the second is to send the password to the registered mobile number; and the third is to reset the password now, which means that the system will allow you to change the password yourself after you succeed in answering the reminder question. This last method is titled “reset password now" in the picture below.
In the picture we find that the three types of the “required data for password instant recovery” are all available and registered in the system for that user; so the system will allow him to choose any of the three methods available to recover his lost password; and they are as follows:
First - retrieving a lost password using the previously registered e-mail address: that is, sending your password to your alternate email address, as shown in the following picture:
The system will ask the user for the email address at which he wants to receive the new password. Note that the syntax of the email address must be correct; otherwise the system will refuse to compare it with the registered alternate email address saved in its DB, and will display an error message saying “Please enter a correct email address”, as in the following picture:
If the user provides a syntactically valid e-mail address and asks for the new password to be sent to it, the system will accept that address and compare it with the registered one. For the new password to be sent, the entered email must match the user’s registered email address in the system; otherwise the system will refuse to send the password to the entered email and will instead show an error message saying: "sorry, the email you entered in is not the one in our records", as shown in the picture:
If you fail twice to provide the correct email address registered in the system, it will forward you to a verification page to make sure that you are the authorized user. This is done through some personal questions, as in the following picture for students and the next picture for official employees:
- Checking authority by personal questions for students:
Important note for new students (year 2010): the answer to each of the level, average, and hours questions should be 0.
For other students: if you are not sure of the average or hours, please enter the nearest value that you remember; the system will compare it with the correct value, calculate the percentage of error, and take it into consideration.
- Checking authority by personal questions for official employees:
This page contains a number of personal questions to be answered by the user. Each correct answer gives the user a certain number of points; once he/she reaches a target number of points, the system will allow the user to change his/her password. First, however, the system will ask the user to update his/her “required data for password instant recovery” (the reminder question and answer, alternate e-mail, and mobile number), as shown in the following picture:
Note that this update page will appear whether or not you have already registered a reminder question and answer, alternate e-mail, and mobile number. On this page, updating or changing the reminder question and answer, the alternate e-mail, and the registered mobile number is optional if they are already present in the system, but you must add any of them that is not present. Once this information has been updated or added, the system will allow you to recover your password at any time and from anywhere without having to contact or come to the University.
After you've completed the previous step and have updated your contact information, the system will allow you to change your password as in the following picture:
However, if the service requester (student or employee) fails to reach the required percentage of correct answers on the personal questions page, the system will refuse to let him retrieve the lost password through the system, and will show a message asking him to send an email to the support team (Login.Help@kau.edu.sa) about the problem, as shown in the following picture:
Second - recovering the password using the previously registered mobile number:
Send your password to the registered mobile number. When this option is chosen, the system will ask the user to provide the registered mobile number. If he succeeds in providing a valid mobile number that matches the registered one, a new password will be sent to that mobile number. If he fails (twice) to provide the correct mobile number, the system will route the user to the page for checking authority by personal questions shown in the previous picture, with the same explanation as given previously.
Note: sending a password using the mobile number is suspended indefinitely.
Third- Recovering the password using the reminder question:
Return the password now. This option means resetting your password after answering the reminder question. It should be noted that this method, together with resetting your password after successfully passing the checking authority by personal questions described previously, are the only two methods that allow the user to choose his password himself. When this option is chosen, a page will appear asking the requester to enter the answer to the reminder question (after typing the answer, preferably use the mouse to press the button titled 'Next' instead of pressing the Enter key on your keyboard), as shown in the following picture:
It is worth mentioning here the severe harm that may come to a user who has registered an easy-to-predict answer to his reminder question ... why?
Because this could be the fastest way for malicious users to attack your page, unless you make the answer to your registered reminder question difficult to predict.
Here is an example that will show the harmful effect of choosing an easy to predict answer of the reminder question:
HTTP://LOGIN.KAU.EDU.SA/PASSWORDRECOVERY.ASPX
A student chooses to register a reminder question and answer in the system so that he can reset his password himself. He selects "what is your University Number?" as his reminder question and his real University Number as the answer, even though he could have chosen any other answer, provided he would not forget it. Imagine what will happen if a malicious user/attacker wants to attack this student’s page: the attacker can easily obtain the student's University Number, which is also his username, and will then use the password retrieval system URL:
HTTP://LOGIN.KAU.EDU.SA/PASSWORDRECOVERY.ASPX
He then enters the username, which is the student's University Number. If the attacker decides to use the reminder question method to reset the user’s password, titled “recover password now”, he will find that the reminder question is “what is your University Number”! What do you expect?
The attacker knows the answer to the reminder question, since it is the same as the student's username, his University Number. The system will therefore allow the attacker to change the user’s password, and not only that: it will allow him to clear that user's “required data for password instant recovery” and replace it with his own information, such as his mobile number or email address, and even to change the user’s study table! It really will be a disaster if the attacker who breaks into your page is a bad person who wants to harm you! So beware ... how?
You can do that by choosing a strong and not easy to predict answer for your reminder question.
Or by not adding a reminder question to the system at all if it would have an easy-to-predict answer.
The support team has the right to delete your reminder question from the system if it would enable attackers to break into your page; however, the fact that it has not been deleted does not mean that it is approved or acceptable. This is ultimately your personal responsibility.
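The kind of review described above could be automated when a reminder question is registered. The following is an added example, not the University's own code; the length threshold, the question pattern, the profile field names and the sample records are all assumptions made for illustration.

```python
import re
import unicodedata

# Hypothetical policy values, not taken from the university's system.
MIN_ANSWER_LENGTH = 6
PUBLIC_ATTRIBUTES = ("username", "email", "mobile")
USERNAME_QUESTION = re.compile(
    r"university\s*(number|id)|student\s*number|user\s*name", re.I)

def _norm(text):
    """Fold case, Unicode form and all whitespace so trivial variants compare equal."""
    text = unicodedata.normalize("NFKC", text or "")
    return re.sub(r"\s+", "", text).casefold()

def review_reminder(question, answer, profile):
    """Return the reasons a question/answer pair is easy to predict.

    profile holds values other people can learn about the user
    (username = University Number, alternate email, mobile number).
    An empty list means these checks found no weakness.
    """
    reasons = []
    ans = _norm(answer)
    if len(ans) < MIN_ANSWER_LENGTH:
        reasons.append("answer too short")
    for key in PUBLIC_ATTRIBUTES:
        value = _norm(profile.get(key, ""))
        if ans and value and (value in ans or ans in value):
            reasons.append(f"answer derivable from {key}")
    # The answer must not be readable from the question text itself.
    if ans and ans in _norm(question):
        reasons.append("answer appears in the question")
    # A question asking for the login name is guessable whatever the answer.
    if USERNAME_QUESTION.search(question):
        reasons.append("question asks for the username")
    return reasons

# Constructed sample records (not real accounts).
SAMPLES = [
    ("0912345", "What is your University Number?", " 0912345 "),
    ("0912345", "Name of your first teacher?", "Blue-Falcon-1987"),
]

if __name__ == "__main__":
    for username, question, answer in SAMPLES:
        print(username, review_reminder(question, answer, {"username": username}))
```

A pair that returns any reason would be rejected at registration or queued for the support team to delete.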
The student should take care when typing the answer to his reminder question, since any extra or missing space will be treated by the system as a wrong answer, and an error message will be displayed saying "Please, provide a correct answer", as in the following picture:
If the student fails twice to provide the correct answer to the reminder question, the system will forward him to the page for checking authority by personal questions shown in a previous picture, with the same explanation as given previously.
If the student succeeds in providing the correct answer to the reminder question, the system will allow him to reset his password, as shown in the following picture:
It is good to follow the general rules for creating strong passwords: create passwords that contain characters, digits, and symbols such as (# $ &); passwords that do not exist in the dictionary (non-lexicon words) are difficult to guess, and longer passwords are even more difficult to break.
After you type your password in the first field and type it again in the confirmation field, press the “Finish” button. If the word written in the first field does not match the word written in the second field, the system will alert you and show the following error message:
"Please, ensure that the two passwords are equal", as in the picture:
If the word written in the first field is identical to the word written in the second field, the system will create your password and tell you that you have successfully updated your password, as in the following picture:
Thus you have created your password yourself using the reminder question in the "Password Recovery System".
From now on, you can log in at any time to your profile page in the:
Personal Information Update System
HTTP://LOGIN.KAU.EDU.SA
This information is primarily the personal data needed for online password retrieval. The Personal Information Update System can be reached by navigating to the following URL:
HTTP://LOGIN.KAU.EDU.SA
Through it you can change your password or update your personal information, as in the picture:
To change your password, click the button titled "change password"; the system will open a page where you can change your password, as in the following picture:
If you want to update the “required data for password instant recovery”, simply press the button titled “Data Update”; the system will open a page where you can change your reminder question and answer, alternate e-mail, and mobile number, as in the following picture:
After this data is updated, you will be able to retrieve a lost password easily at any time and from anywhere without having to contact or come to the University.
With sincere wishes for success
from the Support Team