How to change your Microsoft password
1. Foreword
In today’s digital world, usernames and passwords are essential for protecting access to sensitive company resources.
Why? Would you hand over your bank card along with the PIN to just anyone? Probably not.
In the same way, you should never share your digital login credentials with anyone else – not even with colleagues or members of the IT department.
That’s because the data in our IT systems is just as valuable to the company as your banking information is to you.
Lost or stolen login credentials can be used to access sensitive corporate information. Cybercriminals often – and unfortunately very successfully – use such data for extortion involving large ransom demands.
Such incidents can lead not only to legal consequences for the company but also to significant financial penalties.
Improper handling of login credentials can also have personal consequences for you. In the worst case, negligent handling of passwords could result in legal action being taken against you.
A security breach can also damage the trust of business partners, which in turn harms the company’s reputation.
Vega-IT aims to enable you to authenticate yourself across all company applications and services using your Windows username – which matches your email address – and your password. Regularly updating this password is therefore especially important.
2. Important to know
Your password is already used for the following services and applications:
- Use of Microsoft 365 Apps (Word, Excel, Outlook, ..., Teams)
- VPN connection from the remote office via Sophos Connect (location: Siezenheim)
- Access to the email account
In the branch offices, the Microsoft account is currently used only for accessing the email account.
Please make sure to use the new password after changing it, and update it in the mail app on your smartphone.
If you are using Microsoft 365 apps such as Word or Excel with a license provided by Vega IT, you will be prompted to enter your new login credentials the first time you start Office and after any password change.
You are required to handle your password with care. Never share your login credentials with anyone – not even with IT staff – and do not write them down, whether digitally or on paper (e.g., sticky notes). Mishandling your credentials may be considered gross negligence and could potentially lead to legal consequences. If needed, use the Bitwarden Password Manager hosted by Vega-IT to securely store your company-related login information.
Windows computers managed by Vega-IT will notify you 14 days before your password expires with a corresponding message. In addition, all users will receive several email reminders to change their password. If you do not change your password by the expiration date, the services and applications mentioned above will stop working. Vega-IT therefore recommends changing your password in advance, as described below.
If your password has already expired and you are on the go, you can change it via the M365 Self Service Password Recovery Portal.
3. Password Policy
What good is a password if it’s short and easy to guess? For this reason, the following requirements apply to your Windows password:
- Minimum length: 12 characters
- Must include uppercase and lowercase letters
- At least one number and one special character
- Maximum password age: 180 days
- Minimum password age: 7 days
- Password history: last 3 passwords
- No more than 3 consecutive characters from your first or last name
While the requirements for length, character types, and special characters are self-explanatory, points 4 to 6 need a brief explanation:
- Maximum password age: Determines how often you must change your Windows password. At Vega, this is every 180 days.
- Minimum password age: Determines how soon you can change your password again after a change. At Vega, this is after 7 days.
- Password history: Specifies how many unique new passwords you must use before reusing an old one. At Vega, a cycle of 3 changes is required.
- Consecutive characters from names: You may use no more than 3 consecutive characters from your first or last name. Example: If the user’s name is Maximilian Mustermann, passwords containing "maxi", "muster", "mann", or similar sequences will not be accepted.
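The length, character and name rules above can be checked before you type a new password into Windows. The following is an added example, not a Vega-IT tool; the function names are hypothetical, and it assumes that the name check ignores upper and lower case and that a "special character" is anything other than A-Z, a-z and 0-9. Password age and history are not covered because they depend on data stored on the server.

```python
import re

MIN_LENGTH = 12      # minimum length from the policy list
MAX_NAME_RUN = 3     # longest run of name characters that is still allowed


def name_fragments(name, run=MAX_NAME_RUN + 1):
    """All substrings of the name that are one character over the allowed run."""
    name = name.lower()
    return {name[i:i + run] for i in range(len(name) - run + 1)}


def check_password(password, first_name, last_name):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    # Assumption: anything that is not an ASCII letter or digit counts as special.
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    # Assumption: the name comparison is case-insensitive ("Maxi" matches "maxi").
    lowered = password.lower()
    for name in (first_name, last_name):
        hits = sorted(f for f in name_fragments(name) if f in lowered)
        if hits:
            problems.append(f"contains '{hits[0]}' from the name {name}")
    return problems


if __name__ == "__main__":
    # First sample is the pattern from section 3.1; the other two are constructed.
    for pw in ("IWantToLogIn.Windows56", "Maxi.Password56", "muster12"):
        print(pw, "->", check_password(pw, "Maximilian", "Mustermann") or "OK")
```

Any four consecutive characters from a name are enough for a rejection, which is why the check works on four-character fragments rather than on the whole name.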
Also note: After 5 failed login attempts within 10 minutes, your Windows account will be locked for 10 minutes. This measure helps prevent common attack scenarios where cybercriminals try to guess passwords.
3.1 Which password should I use?
Our suggestion: Use a short sentence that you can easily remember – for example IWantToLogIn. Add to this sentence a word that describes the service you are logging into (e.g., Windows, Lyra, Amazon, PayPal, etc.).
To ensure the password also contains special characters and numbers, insert a symbol such as ., $, or ! between the fixed part and the variable word, followed by your lucky number, for example:
Service | Example Password
Windows Login | IWantToLogIn.Windows56
Amazon | IWantToLogIn.Amazon56
Paypal | IWantToLogIn.Paypal56
Lyra | IWantToLogIn.Lyra56
However, when using such password patterns, there is a risk that someone could guess the passwords for other services if one of them becomes known.
The safest option is to use a unique, randomly generated password for each service. For this, we recommend the Bitwarden Password Manager hosted by Vega-IT. It can automatically create strong passwords and manage them securely.
4. Changing Your Password
There are two ways to change your Microsoft password: if you are working on a computer issued by Vega-IT, it is recommended to change the password under Windows. External employees or mobile users must change the password
4.1 Password change under Windows
Important: The procedure described in this section is intended only for individuals working with a Windows computer provided by Vega-IT. All other individuals should follow step 4.2: Changing the password via the M365 Self-Service Password Recovery Portal.
You will be prompted to set a new password 180 days after your last password change during Windows login:

As mentioned, you should change your password before it expires, otherwise various services and applications will stop working, see section 2. Important to know. To change your Windows password, follow these steps:
- Log in to your Windows computer as usual, if you haven't already.
- If working remotely, establish a VPN connection to the company network using Sophos Connect. This is necessary to store the new password in the authentication server’s database.
- Press the key combination CTRL + ALT + DEL
- Select Change a password
- Enter your current password and your new password in the designated fields
- Confirm the entry by pressing the ENTER key
- You will receive a notification that your password has been successfully changed.
- If the process fails, please refer to the previously mentioned password policy.
Important: If you have saved your old password in any application, such as the email app on your smartphone, you must replace it with the new password. For iPhones, see "How to change the ActiveSync Exchange password on iPhone" in the Vega Service Desk. If you do not update the stored login credentials, it is likely that your Windows access will be locked according to the password policy due to failed login attempts with the old password.
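Why a forgotten old password on a phone locks the account can be shown with the lockout rule from section 3 (5 failed attempts within 10 minutes, locked for 10 minutes). This is an added example, not Vega-IT code; it is a simplified model with hypothetical names, and it assumes that attempts made while the account is locked are not counted and that a successful login resets the counter.

```python
from datetime import datetime, timedelta

THRESHOLD = 5                            # failed attempts, from the policy
WINDOW = timedelta(minutes=10)           # counting window, from the policy
LOCK_DURATION = timedelta(minutes=10)    # lock time, from the policy


def simulate(attempts):
    """attempts: time-ordered (timestamp, ok) pairs. Returns (lock_start, lock_end) pairs."""
    failures = []        # timestamps of failed attempts still inside the window
    locked_until = None
    lockouts = []
    for ts, ok in attempts:
        if locked_until and ts < locked_until:
            continue                     # assumption: attempts during a lock are not counted
        if ok:
            failures.clear()             # assumption: a successful login resets the counter
            continue
        failures = [t for t in failures if ts - t < WINDOW]
        failures.append(ts)
        if len(failures) >= THRESHOLD:
            locked_until = ts + LOCK_DURATION
            lockouts.append((ts, locked_until))
            failures.clear()
    return lockouts


def constructed_phone_retries():
    """Constructed sample: the password is changed at 09:00 and a phone mail app
    keeps sending the old password every 2 minutes (15 attempts)."""
    start = datetime(2024, 1, 8, 9, 0)
    return [(start + timedelta(minutes=2 * i), False) for i in range(15)]


if __name__ == "__main__":
    for begin, end in simulate(constructed_phone_retries()):
        print(f"locked from {begin:%H:%M} to {end:%H:%M}")
```

In the constructed sample the account is locked at 09:08 and again at 09:26, because the phone resumes its retries as soon as the first lock ends; the locks only stop once the stored password is updated.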
4.2 Changing the password via the M365 Self-Service Password Recovery Portal
Open the website https://aka.ms/sspr or https://passwordreset.microsoftonline.com/
Enter your email address and the characters in the image:

Next, confirm your identity using multi-factor authentication by entering the code in the authenticator app:

Choose a new password and confirm it for security reasons:

Your password has been changed.
If an error occurs, make sure you meet the password policy requirements and repeat the process.
Important: If you have saved your old password in any application, you must replace it with the new password. Common examples are the email app on your smartphone and Outlook on your computer. In both cases, you should be asked for the new password automatically. If you do not update the stored login credentials, it is likely that your access will be locked according to the password policy due to failed login attempts with the old password.
Questions or problems? Please contact Vega IT Support:
☎️ +43662436280555
📧 it@vegatrans.com
💻 https://servicedesk.vegatrans.com