Using Studio Web to automatically rotate your passwords

Let’s imagine a scenario where your IT department requires you to rotate your password for a specific website every few weeks for security reasons. To do that, you receive a reminder to go and change your password for that specific website.

But what if you don’t want to do it manually, because it is a mundane task? What if you already have a place where you store your passwords, such as a password manager, and all your passwords are auto-generated, random strings anyway.

Well, let’s explore a proof of concept where we will try to automate this process for you. Naturally, we will make a few assumptions here and there to make it work, but it should be an interesting proof of concept either way.

The end result

The final automation will use the Studio Web automated email triggers and UI Automation capabilities to solve this mundane task for you:

Prerequisites

The process itself will be done 100% in Studio Web. However, we need to define our inputs and outputs. Thus:

  • Instead of a password manager, we will store our password in a Credential Asset in our Personal Workspace in Orchestrator.

  • We will also need a random password generator. For this, we will use this handy website: Password Generator

  • Lastly, we will need a test account. Let’s use a cloud.uipath.com account that was registered with an email and a password for that.

Let’s get to work!

Step 1 - setting up the Email trigger

We will start our automation whenever we receive an email with a password reset link. To do so, simply select an event-based process when creating the new process from the following dropdown:
image

Once done, your process will be created and you will be able to configure your trigger activity to your liking, including ready to use filters:


Step 2 - fetch the existing asset from Orchestrator

To start, we can already fetch the existing credential asset that we will update later on.

Step 3 - Find the links in the email

Here we will search for the URLs that are present in the email and we will find one that is valid for our target application.


The expression might not look super understandable at first, but soon it won’t be needed because you will be able to simply select the option to find urls.

Step 4 - Iterate all links to find the one we need with a For Each activity

This way we can quickly find and focus on the URL that we want, in this case, the one that will reset our password.

Step 5 - Generate the new password

With our handly website from above, we can generate a new password with a few clicks:

Step 6 - Change the password

With a few more clicks, we will navigate to the target password reset URL and change the password. This website asks us to login afterwards as well, which is also super simple.

Step 7 - Reply to the original email with a status report

To make sure all went well, we can now reply to the original email to inform ourselves that everything is fine. On top of it, we can also inform ourselves if something went wrong by sending ourselves a screenshot taken when the application had an exception.
image

Final thoughts

In theory, one could follow this automation by introducing a small process to their daily flow that would open your specific set of websites and automatically log you into them. This way, you could fully automate your password rotation routine, even at home, resulting in an overall increase in your security