Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

Passwords and passphrases

Important: If you have not changed your passphrase in two years, IU requires that you do so. If you do not, your passphrase will expire and you will be unable to log into most IU services. See Why is my IU passphrase expiring?

On this page:

About passwords and passphrases

Passwords are short sequences of letters, numbers, and symbols that you enter to verify your identity to a system, which then allows you access to secure data or other resources.

Passphrases operate on the same principle as passwords, and are used in exactly the same way. However, they differ from traditional passwords in two aspects:

  • Passphrases are generally longer than passwords. While passwords can frequently be as short as six or even four characters, passphrases have larger minimum lengths and, in practice, typical passphrases might be 20 or 30 characters long or longer. This greater length provides more powerful security; it is far more difficult for a cracker to break a 25-character passphrase than an eight-character password.

  • The rules for valid passphrases differ from those for passwords. Systems that use shorter passwords often disallow actual words or names, which are notoriously insecure; instead, your password is usually an apparently random sequence of characters. The greater length of passphrases, by contrast, allows you to create an easily memorizable phrase rather than a cryptic series of letters, numbers, and symbols.

For more information on passphrases, including useful hints on making secure passphrases, see the University Information Security Office (UISO) document Passphrases.

Back to top

Passphrases at Indiana University

IU requires all users to set a Network ID passphrase. This is the passphrase used to access all of your IU accounts online, including email, Oncourse, and OneStart. Network ID passphrases must:

  • Contain at least 15 and no more than 127 characters.

    Note: In Mac OS X 10.3 and 10.4, passphrases for VPN client software are limited to 31 characters. This problem has been resolved in later versions of the operating system.

  • Use at least four unique characters (letters, numbers, or symbols).

  • Use at least four words. "Word" is defined here as two or more distinct letters; words must be separated by one or more spaces or other non-letters, not including numbers or the underscore character ( _ ). E.g.:

    • little pink houses-4unme contains four "words", and would therefore be a valid passphrase.

    • hoagy_carmichael plays123stardust only contains two "words" (the numbers and underscore do not act as separators), and would therefore not be a valid passphrase.

These passphrases must not:

  • Contain your name or username.

  • Use the at sign ( @ ), the number sign ( # ), or the double-quote mark ( " ).

  • Be a common phrase (e.g., to be or not to be or april showers bring may flowers ).

  • Be based on predictable patterns (e.g., the alphabet or the layout of a standard keyboard).

Note: Passphrases are case sensitive. The lowercase  c  is a different letter from the uppercase  C . Make sure that the Caps Lock key is not on, unless you intend to enter all uppercase letters.

To change your Network ID passphrase, visit the Passphrase Maintenance page at:

https://passphrase.iu.edu/

Back to top

Guidelines for keeping your passwords and passphrases secure

  • Consider using passphrase vaulting; see What is passphrase vaulting?

  • Do not write your username and password or passphrase in the same place.

  • Never share your password or passphrase with anyone.

  • Never send anyone your password or passphrase via email, even if the message requesting your password seems official. A request for a password or passphrase is very likely a phishing scam; see What are phishing scams and how can I avoid them?

  • Change your password or passphrase every six months.

  • Do not use the same password or passphrase over multiple services or web sites.

Back to top

Problems with your IU passphrase

If you forget or have other problems with your IU passphrase, you can reset it yourself or have it reset at your campus Support Center walk-in location. For instructions, see At IU, if I have forgotten my Network ID passphrase, how can I reset it?

Note: In Mac OS X 10.3 and 10.4, passphrases for VPN client software are limited to 31 characters. This problem has been resolved in later versions of the operating system.

Back to top

This is document acpu in domain all.
Last modified on March 04, 2013.

I need help with a computing problem

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.



Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

I have a comment for the Knowledge Base

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.