Using the Password Reset Tool

If this is your first time resetting your password using our password reset tool this document will help you through the process. 

First you will want to visit this website https://go.npgco.com/password where you will be presented with the following page. Enter your primary email address and then click Next. 

Next, a code will be sent to your cell phone or your personal email address. This code is used to verify who you are and that you are choosing to reset your password. If you do not have the option to select a cell phone, or an email address, you will receive the following error! You cannot reset your password without one of these contact methods! 

Once you have received the code, type it into the box at the bottom of the window and click Next.

Now you get to set your new password. This is pretty standard stuff, but there are a few things you should be aware of. 

1. Your password must be at least 8 characters in length.
2. Do not use common words, or any words that are part of your username.
3. Very Weak and Weak passwords will not be accepted.
4. Medium and Strong passwords will be required to be reset in 1 year. 
5. Try to aim for a Very Strong password! Very Strong passwords never expire!
6. Try using a passphrase, instead of a password. A passphrase could be a few random words, or a short sentence. 

As you type your new password, the strength of the password will be calculated in real time. This calculation is done by a complex algorithm and is a universal standard for password strength. You will also be warned if your password does not meet the minimum standards.

FAQ

Q: Will non-compliant users not be able to log into devices on 1/7/19 if they don’t have acceptable passwords? 

A: Correct. Users are able to reset their account passwords from any device, anywhere. Once they reset their password, the accounts will be unlocked and they will be allowed access. During the time the account is locked, the accounts are still active (IE, a mailbox will still receive mail), but the user won’t be able to access it.

Q: Does this mean that everyone will need to do a reset even if they currently have a password that meets the standard?

A: To launch the new system, yes everyone will have to reset their password. Passwords are one-way encrypted, meaning we are unable to determine what user’s passwords are, we would not be able to tell if their password meets the new standard.

Q: Could a current acceptable password be maintained for the year of 2019?

A: Users must use the tool at least once to establish their accounts and allow us to track when it expires, strength, etc. There is nothing preventing someone from trying to use their current password in the new tool.  If their password is strong enough, the tool will allow it.

Q: How will you know if someone has used words that are disallowed?

A: The password reset tool will analyze a password as they type it and give advice on how to make the password stronger. 

Q: Will there be parameters set that will prevent a password from being accepted with call letters or the person’s name, etc.?

A: Yes.  The system takes the users ADP profile and automatically lowers the score if elements from their profile are used.  Parameters that are used are: legal first and last name, preferred first and last name, last 4 of social, station call letters, company name, department name, job title.


Q: Does this new standard apply to all our systems and, if so, who will monitor that all those passwords get changed?

A: This standard only applies to systems protected by our new SSO system.  This currently includes the following services: Active Directory, Email, Zendesk, E-Ticket (news-press application), newsflow, and moodle.  We are actively trying to get more of our application providers to allow SSO, when they become available we will add them to this list.  Passwords to systems not controlled by this new system will continue to be managed and monitored by the application admins.