Cardbox Forces Password Reset

Background Information:

Cardbox utilizes U of L Single Sign-On (SSO) for authentication.  Because some third-party apps do not support the use of SSO, has provided an external applications password.

To ensure security, the password requirements have been set as closely as possible to the official University password requirements, including password expiration.

Some Cardbox early adopters, as well as some more recent users, may have manually set this password (this includes all users created before CardBox began using SSO).  Even if not using third-party applications, they will be required to change this password every 90 days.  Once past the 90 day time period, the password will expire and will force the user to reset the password.

When this happens, the user will be unable to use Cardbox via the web, Box Sync and the Box app on mobile clients until the password has been reset.

Forced Password Reset Procedure:

  1. User receives expiration notice:

    1. If using Box Sync, the user will see a screen similar to this:



    2. When using the web, the user will see this:



  2. Here the user will enter there email address ( and click the Reset Password button.

  3. They will then see this page:



  4. The user will then receive an email from that looks like this:



  5. The user will click the Reset Password button, which will take them too the reset page at, that looks like this:



  6. Here the user changes their password.  The password they set should be different from their U of L password and should be strong ( will indicate if the password is too weak).

  7. When the password is reset, the user can log in via the web, Box Sync and the Box app on mobile clients again using their U of L userID and password.

    1. NOTE:  The external password that was just reset is NOT used for the web interface, Box Sync or the Box app on mobile clients.