Updated on 2025-09-08 GMT+08:00

Overview of Password Reset

What Is a Password?

Passwords are used to log in to ECSs. If you select the password login mode when purchasing an ECS, you can use the username and password to log in to the ECS. The password is very important. Keep it secure.

You can set a password when purchasing an ECS. If you do not set a password during the purchase or if the password is lost or expired, you can reset the password.

You can reset the password in any of the following scenarios:
  • The password is lost.
  • The password has expired.
  • You intend to change the initial password at the first login.
  • You selected Set password later or Key pair for Login Mode in ECS custom config.
  • You purchased an ECS in quick config mode (the Login Mode is Set password later by default).

Password Reset Scenarios

Table 1 describes the methods of resetting passwords for ECSs. You can select a proper method based on service requirements.

Table 1 Password reset methods

Method

Applicable OS

Characteristics

Constraints

Online Password Reset

Windows/Linux

  • There is no need to log in to the ECS.
  • There is no need to install the password reset plug-in.
  • Services are not interrupted.
  • The new password takes effect immediately.

Offline Password Reset

Windows/Linux

  • There is no need to log in to the ECS.
  • There is no need to enable COC or install the UniAgent.
  • Services need to be interrupted.
  • The new password takes effect after the ECS is restarted or started.

Resetting the Password for Logging In to an ECS in the OS

Windows/Linux

  • There is no need to install the password reset plug-in.
  • There is no need to enable COC or install the UniAgent.
  • Services are not interrupted.
  • The new password takes effect immediately.

You need to log in to the ECS.

Obtaining the Password for Logging In to a Windows ECS

Windows

  • There is no need to install the password reset plug-in.
  • There is no need to enable COC or install the UniAgent.
  • Services are not interrupted.
  • The new password takes effect immediately.

This method is only available for Windows ECSs authenticated using key pairs and the corresponding private key file has been obtained.

Scenarios of the One-Click Password Reset Plug-in

The offline password reset depends on the one-click password reset plug-in (CloudResetPwdAgent). With the one-click password reset plug-in, you can reset the password of an ECS that is in Running or Stopped state. This operation does not depend on other services, and you do not need to enter the old password or log in to the ECS.

The new password takes effect after the ECS is restarted or started.

The one-click password reset plug-in is installed by default for ECSs created using public images. You can directly reset the password offline for such ECSs.

If the password of an ECS fails to be reset offline, the one-click password reset plug-in may not be installed or has expired. You can install or update the plug-in as needed.

Table 2 One-click password reset plug-in operations

Scenario

Reference

Applicable OS

Description

Obtaining the plug-in

Obtaining the ECS One-Click Password Reset Plug-in

Windows/Linux

Download the plug-in and verify its integrity before installing or updating the plug-in.

Installing the plug-in

Installing the One-Click Password Reset Plug-in on an Individual ECS

Windows/Linux

If the one-click password reset plug-in is not installed or has been deleted from an ECS, install the plug-in for the ECS.

By default, the one-click password reset plug-in has been installed on ECSs created using public images. This operation is commonly used for ECSs created using private images.

Updating the plug-in

Updating the One-Click Password Reset Plug-in for an ECS

Windows/Linux

Update the plug-in for an individual ECS for security purposes.

Using Scripts to Batch Update the One-Click Password Reset Plug-ins for Linux ECSs

Linux

Batch update one-click password reset plug-ins for multiple Linux ECSs.

  • An ECS running CentOS 7 (public image) and has an EIP bound is required as the executor.
  • The ECSs must be in the same VPC as the executor or configured with cross-VPC network connectivity.
  • If the ECSs are authenticated using key pairs, the plug-ins can be batch updated only for ECSs that use the same key pair.

Using Scripts to Batch Update the One-Click Password Reset Plug-ins for Windows ECSs

Windows

Batch update one-click password reset plug-ins for multiple Windows ECSs.

  • An ECS running CentOS 8.2 (public image) and has an EIP bound is required as the executor.
  • The ECSs must be in the same VPC as the executor or configured with cross-VPC network connectivity.

Password Complexity Requirements

Table 3 shows the password complexity requirements in two scenarios: ECS creation and password reset.

Table 3 Password complexity requirements

Password complexity requirements

ECS Creation

Password Reset

Length

Must contain 8 to 26 characters.

Must contain 8 to 26 characters.

Characters

Must contain at least three of the supported four character types.

Must contain at least three of the supported four character types.

Security

  • Cannot contain the username or the username spelled backwards.
  • Cannot contain more than two consecutive characters in the same sequence as they appear in the username. (This requirement applies only to Windows ECSs.)
  • Cannot contain the username or the username spelled backwards.
  • Cannot contain more than two consecutive characters in the same sequence as they appear in the username. (This requirement applies only to Windows ECSs.)

Other

None

Cannot start with a slash (/) for Windows ECSs.

Supported Characters

Uppercase letters

Uppercase letters

Lowercase letters

Lowercase letters

Digits

Digits

  • Special characters for Linux ECSs: !@$%^-_=+[{}]:,./?~#*
  • Special characters for Windows ECSs: !@$%^-_=+[{()}]:,./?~#*
  • Online password reset:

    @%-_=+[]:./^,{}? (only applied to Linux)

    $@%-_=+[]:./,? (only applied to Windows)

  • Offline password reset:

    Special characters for Linux ECSs: !@%-_=+[]:./?

    Special characters for Windows ECSs: !@%-_=+[]:./?