Manage Windows Passwords

Windows users can manage updates to their JumpCloud passwords directly on their device. We recommend changing your password directly on your device using the JumpCloud Tray App. This method automatically updates the Windows Credential Manager, ensuring you retain access to saved passwords and applications without additional steps.

Prerequisites:

• The device must be managed by JumpCloud through the Windows agent. See Understand the JumpCloud Agent to learn more.
• The device must be running a supported version of Windows. See Windows JumpCloud Agent Compatibility, System Requirements, and Impacts to learn more.
• Users can't manage passwords when their passwords are expired or they are locked out of their JumpCloud account. See Password Statuses to learn more.

Considerations:

• Credential Manager and Data Protection API:
  • On-Device Changes - Passwords changed locally via the JumpCloud Tray App or Ctrl+Alt+Del automatically update the Windows Credential Manager and the Data Protection API (DPAPI). No further action is required.
  • Off-Device (Remote) Changes - Passwords changed outside of Windows such as in the User Portal, the Admin Portal, or an Identity Provider do not automatically update the Credential Manager and require a synchronization step at next login to preserve saved credentials. Jump to Syncing Your Password After a Remote Change to learn more.
• If you have MFA enabled in your organization, your users will need to verify their identity using MFA before they can change their password. They can use Push MFA though the JumpCloud Protect app, TOTP MFA through either JumpCloud Protect or another authenticator, or use Duo. However, Duo is only available if it’s the only form of MFA available. 
• If you're prompted to enter a PIN to sign in but don't know it, click Sign-in options > Password (key icon) to use your password instead.
• User accounts managed by Active Directory using AD integration won't be able to use the Windows App to reset their password.

Password Update Methods

1. Open the JumpCloud Windows App running in the system tray and click Reset password.
   • For more information, see Users: Change Your Password in the Windows App.
2. Press Ctrl+Alt+Del and click Change Password.
3. Open the JumpCloud User Portal login page and select Reset User Password. 
   • For more information, see Change Your User Portal Password. 
4. Open the JumpCloud User Portal and navigate to the Security Settings.
5. Update password using a link included in a password expiration email reminder.
   • If you enable the Password expires after N days option, users receive one email a day for 7 days leading up to their password's expiration that asks them to reset their password.

Changing your Password in the JumpCloud Windows Tray App

The JumpCloud Windows App is the preferred method for user password changes on Windows devices. Below is an overview of the user process. For specific user instructions, see Users: Change Your Password in the Windows App. Note that when you change your password, any active sessions (User Portal, SSO applications, etc.) will be terminated.

The user flow:

1. In the system tray, open the JumpCloud Windows App.
2. To change the password, type in your previous password, followed by the new password twice for confirmation.
3. If MFA is enabled for your JumpCloud account, you need to authenticate your account. Depending on the types of MFA enabled by your organization, you'll see one of two options:

• Push: Use the JumpCloud Protect app to verify your identity with a push notification. See JumpCloud Protect for End Users.

• TOTP: Enter a six-digit code from an authenticator app such as JumpCloud Protect or Google Authenticator.

4. The new password is instantly synchronized with any other password stores.
5. The Windows device agent then contacts JumpCloud's credential management services through a secure Transport Layer Security (TLS) connection.
6. The device agent synchronizes changes from the device to JumpCloud and all the resources JumpCloud manages. If you're using AD Sync, the password changes sync to Active Directory® as well.

Changing your password using Ctrl+Alt+Del

To change your password using Ctrl+Alt+Del:

1. Press Ctrl+Alt+Del, then select Change Password.
2. Enter your Old Password.
3. Enter your New Password.
4. Enter your new password again in Confirm Password.
5. If MFA is enabled for your JumpCloud account, you need to authenticate your account. Depending on the types of MFA enabled by your organization, you'll see one of two options:

• Push: Use the JumpCloud Protect app to verify your identity with a push notification.

• TOTP: Enter a six digit code from an authenticator app such as JumpCloud Protect or Google Authenticator.

6. Click OK.

Syncing Your Password After a Remote Change

If you change your password off of the device, you will need to complete a password sync step the next time you log in. This extra step updates the Windows Credential Manager to use your new password, ensuring your saved logins and Windows apps continue to work without interruption.  

To sync passwords after a remote change:

1. Log in to Windows using your New Password.

2. A prompt appears: Your password recently changed. Enter your previous and current passwords to sync them on this device.
3. Under Previous Password, enter the password you previously used to log in to the device before the change. 
4. Under Current Password, enter the new password you just created.
5. Press Enter to sync your passwords. Your saved credentials, browser cookies, and app tokens are preserved.