Overview of Password Reset

What Is a Password?

Passwords are used to log in to ECSs. If you select the password login mode when purchasing an ECS, you can use the username and password to log in to the ECS. The password is very important. Keep it secure.

You can set a password when purchasing an ECS. If you do not set a password during the purchase or if the password is lost or expired, you can reset the password.

You can reset the password in any of the following scenarios:

The password is lost.
The password has expired.
You intend to change the initial password at the first login.
You selected Set password later or Key pair for Login Mode in ECS custom config.
You purchased an ECS in quick config mode (the Login Mode is Set password later by default).

Password Reset Scenarios

Table 1 describes the methods of resetting passwords for ECSs. You can select a proper method based on service requirements.

**Table 1** Password reset methods
Method	Applicable OS	Characteristics	Constraints
Online Password Reset	Windows/Linux	There is no need to log in to the ECS. There is no need to install the password reset plug-in. Services are not interrupted. The new password takes effect immediately.	The ECS status must be Running. Cloud Operations Center (COC) must be enabled and granted required permissions to perform operations on resources. For details, see Configuring Custom Policies for ECS Self-Service O&M. The UniAgent must be installed. For details, see Installing UniAgent on an ECS.
Offline Password Reset	Windows/Linux	There is no need to log in to the ECS. There is no need to enable COC or install the UniAgent. Services need to be interrupted. The new password takes effect after the ECS is restarted or started.	The ECS status must be Running or Stopped. The one-click password reset plug-in must be installed. Public images have the plug-in installed by default. If the plug-in is not installed or is invalid, you need to install it again. For details, see Installing the One-Click Password Reset Plug-in on an Individual ECS.
Resetting the Password for Logging In to an ECS in the OS	Windows/Linux	There is no need to install the password reset plug-in. There is no need to enable COC or install the UniAgent. Services are not interrupted. The new password takes effect immediately.	You need to log in to the ECS.
Obtaining the Password for Logging In to a Windows ECS	Windows	There is no need to install the password reset plug-in. There is no need to enable COC or install the UniAgent. Services are not interrupted. The new password takes effect immediately.	This method is only available for Windows ECSs authenticated using key pairs and the corresponding private key file has been obtained.

Scenarios of the One-Click Password Reset Plug-in

The offline password reset depends on the one-click password reset plug-in (CloudResetPwdAgent). With the one-click password reset plug-in, you can reset the password of an ECS that is in Running or Stopped state. This operation does not depend on other services, and you do not need to enter the old password or log in to the ECS.

The new password takes effect after the ECS is restarted or started.

The one-click password reset plug-in is installed by default for ECSs created using public images. You can directly reset the password offline for such ECSs.

If the password of an ECS fails to be reset offline, the one-click password reset plug-in may not be installed or has expired. You can install or update the plug-in as needed.

**Table 2** One-click password reset plug-in operations
Scenario	Reference	Applicable OS	Description
Obtaining the plug-in	Obtaining the ECS One-Click Password Reset Plug-in	Windows/Linux	Download the plug-in and verify its integrity before installing or updating the plug-in.
Installing the plug-in	Installing the One-Click Password Reset Plug-in on an Individual ECS	Windows/Linux	If the one-click password reset plug-in is not installed or has been deleted from an ECS, install the plug-in for the ECS. By default, the one-click password reset plug-in has been installed on ECSs created using public images. This operation is commonly used for ECSs created using private images.
Updating the plug-in	Updating the One-Click Password Reset Plug-in for an ECS	Windows/Linux	Update the plug-in for an individual ECS for security purposes.
	Using Scripts to Batch Update the One-Click Password Reset Plug-ins for Linux ECSs	Linux	Batch update one-click password reset plug-ins for multiple Linux ECSs. An ECS running CentOS 7 (public image) and has an EIP bound is required as the executor. The ECSs must be in the same VPC as the executor or configured with cross-VPC network connectivity. If the ECSs are authenticated using key pairs, the plug-ins can be batch updated only for ECSs that use the same key pair.
	Using Scripts to Batch Update the One-Click Password Reset Plug-ins for Windows ECSs	Windows	Batch update one-click password reset plug-ins for multiple Windows ECSs. An ECS running CentOS 8.2 (public image) and has an EIP bound is required as the executor. The ECSs must be in the same VPC as the executor or configured with cross-VPC network connectivity.

Password Complexity Requirements

Table 3 shows the password complexity requirements in two scenarios: ECS creation and password reset.

**Table 3** Password complexity requirements
Password complexity requirements	ECS Creation	Password Reset
Length	Must contain 8 to 26 characters.	Must contain 8 to 26 characters.
Characters	Must contain at least three of the supported four character types.	Must contain at least three of the supported four character types.
Security	Cannot contain the username or the username spelled backwards. Cannot contain more than two consecutive characters in the same sequence as they appear in the username. (This requirement applies only to Windows ECSs.)	Cannot contain the username or the username spelled backwards. Cannot contain more than two consecutive characters in the same sequence as they appear in the username. (This requirement applies only to Windows ECSs.)
Other	None	Cannot start with a slash (/) for Windows ECSs.
Supported Characters	Uppercase letters	Uppercase letters
	Lowercase letters	Lowercase letters
	Digits	Digits
	Special characters for Linux ECSs: !@$%^-_=+[{}]:,./?~#* Special characters for Windows ECSs: !@$%^-_=+[{()}]:,./?~#*	Online password reset: @%-_=+[]:./^,{}? (only applied to Linux) $@%-_=+[]:./,? (only applied to Windows) Offline password reset: Special characters for Linux ECSs: !@%-_=+[]:./? Special characters for Windows ECSs: !@%-_=+[]:./?