Summary
Passphrases are created upon the activation of the CWRU Network ID. Passphrases expire after 365 days, except if the user is enrolled in multifactor authentication using Duo Security. You will receive email notifications prior to your passphrase's expiration date. Prior to your passphrase's expiration date, it can be changed. If you forget your passphrase, it can be reset at the passphrase reset page.
Body
Passphrases are created upon the activation of the CWRU Network ID. Passphrases expire after 365 days, except if the user is enrolled in multifactor authentication using Duo Security. You will receive email notifications prior to your passphrase's expiration date. Prior to your passphrase's expiration date, it can be changed. If you forget your passphrase, it can be reset at the passphrase reset page.
During the period that users are enrolled in CWRU Duo Security two-factor authentication system, they will no longer need to change their login passphrases annually.
IMPORTANT: CWRU will never ask for your passphrase via email. If you receive an email asking for your CWRU Network ID passphrase, it is a phishing email meant to steal your credentials. NEVER give out your CWRU Network ID passphrase!
Relevant Links
Common Questions:
What are CWRU's passphrase requirements?
- May not reuse current or previous 4 passphrases
- Minimum acceptable character length of 12
- Maximum acceptable character length of 32
- Minimum complexity is required to ensure passphrases will be strong, as indicated by a “green” score on the passphrase meter display during the creation of a passphrase
What is a CWRU passphrase?
- A passphrase is a sentence-like string of words, spaces and/or symbols used for authentication that is longer than a traditional password, easy to remember and difficult to crack.
What to include in your CWRU passphrase?
- Length
- A passphrase must have a minimum of 12 characters and no more than 32 characters
- Complexity
-
A passphrase must achieve a minimum complexity rating before it will be considered strong enough. The complexity of a passphrase is calculated during its creation. A passphrase will not be accepted if it has not obtained a minimum complexity rating. Note that it is the randomness of the characters and words and NOT the complexity of the concept within the passphrase which makes it complex.
The minimum complexity score can be penalized if a passphrase includes the user's ID, first or last name; or other common words (such as: CWRU, CASE, Western, Reserve, password, computer, etc). These words are not illegal, but will require more effort (using different words and/or symbols, make it longer, doing character substitution) to ensure the passphrase meets the minimum complexity rules to ensure it is strong.
-
Character Substitution
-
Character substitution can be used to help make a passphrase more complex. Use a combination of letters and symbols that look similar and don't forget that you can press the shift key to get something different.
Examples of character substitutions:
-
s=S=$
- l=L=1=!
- e=E=3=#
- o=O=0=)
-
Example passphrase with character substitution:
- Simple (status: BAD):
- With character substitution (Status: Excellent):
- Examples of acceptable passphrases (Note: Do not use these examples for your own passphrase)
- correct horse battery staple
- ! am gr8 @ p33ling apple$
- Hens crossed the ro8d
- Jazz hands chap easily
- I h8t passphrases so much
- *2523LLbank@LYZeeRiver