About Passphrase Security Questions
Passphrase security questions are a common form of online account management utilized by banks and businesses. By answering security questions correctly, users are given the chance to change a passphrase that’s been forgotten.
As part of its online CWRU Network ID account management process, University Technology requires all users to select and answer a series of security questions at the time that an account is activated. Users are prompted to answer those security questions again to execute a Passphrase Reset (if a passphrase is forgotten).
Although passphrase security questions make it convenient for users to re-establish access to an account, using questions with easily guessed answers heighten the risk of breach. Social accounts, blogs, search engine results and news/media resources are all open to malicious actors (e.g., "mother’s maiden name" found in social media or search results, birthplaces may be located in searchable government records).
Use security questions to store extra passphrase instead of actual answers to reduce the risk of loss or abuse by a breach of CWRU Network account credentials. If you answer these questions honestly, the information may be easily located using social networking tools or Google.
Passphrases used in the place of security question answers should be difficult to guess. To help you remember your passphrases, consider using a passphrase management database such as LastPass.
Characteristics of an effective passphrase
- At least eight alphanumeric characters long. The suggested length is 12-15 characters.
- Is a passphrase. For example, "Ohmy1stubbedmyt0e."
- Consists of at least three of these four categories: lowercase letters, UPPERCASE letters, numbers (0-9), punctuation special characters (!@#$%^&*()_+|~-=\`[ ]:";'<>?,./)
- Not a word in any language, slang, dialect, jargon, etc.
- Not based on personal information, names of family, does not resemble your Network ID, or other information that could be guessed.
- Easy for you alone to remember. Use the basis of something you know well, such as a song title, affirmation, or other phrase. For example, the phrase “this is my password” could be transformed into “Th!$!$m/P@&&wrd”
Reassign your passphrase security questions
To reassign your passphrase security questions visit the Passphrase Security Question Settings page. Select a security question from the Question dropdown box and enter the answer into the Answer and Re-Type Answer fields. Finally, click on the Submit button.
Determine if your passphrase has been breached or reset
If you find you can neither log in with your passphrase nor change your passphrase using the UTech Passphrase Change page, someone may have guessed and reset your passphrase in order to gain access to your CWRU Network account.
What to do if your passphrase has been breached
Call the UTech Service Desk at 216.368.HELP (4357) to report the account compromise. The Service Desk staff will help you reset your passphrase.
Once your passphrase has been changed, log in to the CWRU Network and change your security questions using the Passphrase Security Question Settings page. If you use your CWRU password for other websites or applications (e.g., facebook, banking, etc.), change those passphrases and security questions also.