Indiana University
University Information Technology Services
  
What are archived documents?

Passwords and passphrases

On this page:

About passwords and passphrases

You are probably familiar with passwords from using them to secure your online activities at IU and elsewhere. They are short sequences of letters, numbers, and symbols that you enter to verify your identity to a system, which then allows you access to secure data or other resources.

Passphrases operate on the same principle as passwords, and are used in exactly the same way. However, they differ from traditional passwords in two main ways:

  • Passphrases are generally longer than passwords. While passwords can frequently be as short as 8, 6, or even 4 characters, passphrases have larger minimum lengths and, in practice, typical passphrases might be 20 or 30 characters long or longer. This greater length provides more powerful security; it is far more difficult for a cracker to break a 25-character passphrase than an 8-character password.

  • There are usually different rules for determining valid passphrases. Systems that use shorter passwords often disallow actual words or names, which are notoriously insecure; instead, your password is usually an apparently random sequence of characters. The greater length of passphrases, by contrast, allows you to create an easily memorizable phrase rather than a cryptic series of letters, numbers, and symbols.

For more information on passphrases, including useful hints on making secure passphrases, see the University Information Security Office (UISO) document, Passwords are passe.

Passphrases at Indiana University

As of October 26, 2006, IU began requiring all new users, and all other users who choose to change their existing passwords, to set a Network ID passphrase. This will be the passphrase used to access all of your IU accounts online, including email, Oncourse CL, and SIS. To change your IU Network ID passphrase, visit the Passphrase Maintenance page at:

https://passphrase.iu.edu/

Note: When you first change your password to a passphrase on this page, you will enter your current password in the box marked "Current Network ID Passphrase".

When choosing an IU Network ID passphrase, follow the requirements below:

Network ID passphrases must:

  • Contain at least 15 and no more than 127 characters.

  • Use at least four unique characters (letters, numbers, or symbols).

  • Use at least four words. "Word" is defined here as two or more distinct letters; words must be separated by one or more spaces or other non-letters, not including numbers or the underscore character ( _ ). I.e.:

    • little pink houses-4unme contains four "words", and would therefore be a valid passphrase.
    • hoagy_carmichael plays123stardust only contains two "words" (the numbers and underscore do not act as separators), and would therefore not be a valid passphrase.

Note: In Mac OS X, passphrases for VPN client software are currently limited to 31 characters. This is a problem with Macintosh software, and Apple has not yet announced a date for fixing it.

These passphrases must not:

  • Contain your name or username.

  • Use the at sign ( @ ), the number sign ( # ), or the double-quote mark ( " ).

  • Be a common phrase (e.g., to be or not to be or april showers bring may flowers).

  • Be based on predictable patterns (e.g., the alphabet or the layout of a standard keyboard).

Users who still have a Network ID password will be able to continue to use it, in order to give them some time to become accustomed to the change. You are not required to change your password to a passphrase at this time; however, with the greater security afforded by passphrases, you should consider changing as soon as possible.

Note: Passwords and passphrases are case sensitive. The lowercase  c  is a different letter from the uppercase  C . Make sure that the Caps Lock key is not on, unless you intend to enter all uppercase letters.

Hints for creating secure passwords and passphrases

When creating a password or passphrase, consider the following hints to make it both secure and easily memorizable:

  • Avoid common phrases, lyrics, or quotations; these can be easy for hackers to guess. However, you can create an acronym from the letters of the words in a phrase or quotation that is memorable to you (e.g., "To be or not to be?" could become 2BRnot2B?).

  • While randomly selected words will make a stronger passphrase than words typically used together, using your random words in a grammatical English sentence will make the passphrase much easier to remember.

  • Interleave two words or a word and a number sequence that is meaningful to you, for example, your favorite fruit and a memorable year (e.g., "kiwi" and "1987" could be interleaved as k1i9w8i7 , ki19wi87 , or ki1987wi ).

  • Deliberately misspell words, or substitute phonetic replacements throughout (e.g., "Mississippi" could become Mrs.Ippi ).

  • Use a mixture of uppercase and lowercase letters.

Guidelines for keeping your passwords and passphrases secure

  • Consider using passphrase vaulting; see What is passphrase vaulting?

  • Do not write your username and password or passphrase in the same place.

  • Never share your password or passphrase with anyone.

  • Never send anyone your password or passphrase via email (even if the message requesting your password seems official).

  • Change your password or passphrase every six months.

Problems with your IU password or passphrase

If you forget or have other problems with your password or passphrase, you can reset it yourself or have it reset at your campus Support Center walk-in location. For instructions, see At IU, how do I reset my Network ID passphrase?

Note: In Mac OS X, passphrases for VPN client software are currently limited to 31 characters. This is a problem with Macintosh software, and Apple has not yet announced a date for fixing it.

Also see:

This is document acpu in domain all.
Last modified on June 29, 2009.
Please tell us, did you find the answer to your question?