About your IU passphrase
Important: If you have not changed your passphrase in two years, IU requires that you do so. If you do not, your passphrase will expire and you will be unable to log into most IU services. See Why is my IU passphrase expiring?
On this page:
Passwords and passphrases
Passwords are short sequences of letters, numbers, and symbols that you enter to verify your identity to a system in order to access secure data or other resources. Passphrases operate on the same principle and are used in the same way, but differ from traditional passwords in two aspects:
- Passphrases are generally longer than passwords. While
passwords can frequently be as short as six or even four characters,
passphrases have larger minimum lengths and, in practice, typical
passphrases might be 20 or 30 characters long or longer. This
greater length provides more powerful security; it is far more
difficult for a cracker to break a 25-character passphrase than an
- The rules for valid passphrases differ from those for passwords. Systems that use shorter passwords often disallow actual words or names, which are notoriously insecure; instead, your password is usually an apparently random sequence of characters. The greater length of passphrases, by contrast, allows you to create an easily memorizable phrase rather than a cryptic series of letters, numbers, and symbols.
Passphrases at Indiana University
- Contain at least 15 and no more than 127 characters.
Note: In Mac OS X 10.3 and 10.4, passphrases for VPN client software are limited to 31 characters. This problem has been resolved in later versions of the operating system.
- Use at least four unique characters (letters, numbers, or
- Use at least four words. "Word" is defined here as two or more
distinct letters; words must be separated by one or more spaces or
other non-letters, not including numbers or the
underscore character (
little pink houses-4unmecontains four "words", and would therefore be a valid passphrase.
hoagy_carmichael plays123stardustonly contains two "words" (the numbers and underscore do not act as separators), and would therefore not be a valid passphrase.
Additional requirements are that your passphrase must not:
- Contain your name or username.
- Use the at sign (
@), the number sign (
#), or the double-quote mark (
- Be a common phrase (e.g.,
to be or not to beor
april showers bring may flowers).
- Be based on predictable patterns (e.g., the alphabet or the layout of a standard keyboard).
Note: Passphrases are case sensitive.
c is a different letter from
C . Make sure that the
Caps Lock key is not on, unless you intend to enter all
To change your Network ID passphrase, visit the Passphrase Maintenance page at:https://passphrase.iu.edu/