Passphrase Resources

An ECU passphrase must be at least eight characters long and contain at 3-4 of the following categories:  1) upper case letters, 2) lower case letters, 3) numbers, 4) special characters (!, @, *). Your ECU passphrase must be changed every 90 days.

Set your passphrase or texting number, change your security questions, unlock your PirateID or change your notification email address through the Passphrase Maintenance page.

 

Create a secure passphrase 

Create a Strong Passphrase

Every user protect the ECU network with a strong passphrase. Quickly make up a unique, secure passphrase:
  1. Make up a sentence you can remember. Example: My dog, Sylvia, has a birthday January 14.
  2. Take the first letter of each word, and...
    1. make 1-2 letters upper case
    2. make at least one letter a number
    3. make one character a special character (! @ # $)
The new passphrase is: Md$habJ1

When Creating Your Passphrase, Beware These Pitfalls

Hacker programs crack your passphrase by trying every word in the dictionary and other tricks.

NEVER:

  • Use personal information to create a passphrase.
  • Use the word, password as your passphrase in any form. This includes using number or special characters to make the word look different.
  • Use easily obtained personal information such as license plate numbers, telephone numbers, etc.
  • Use any word contained in a dictionary, spelling list or other word list in any language.
  • Use transformations such as reversing the spelling, changing upper case to lower case or using all caps.
  • Write down your passphrase and post it in an easily-guessed location.
  • Select a passphrase that is common to everyone (Go@Pirates!).

General Passphrase Security

  • NEVER give your passphrase to anyone. Not even your supervisor can ask you to disclose your passphrase.
  • Do not reply to emails requesting your personal information. These emails are fraudulent.
  • If you think someone may have obtained your passphrase, change it immediately using the passphrase maintenance portal and notify the IT Help Desk at 252.328.9866.
  • Don't reveal personal information on the phone. Identity thieves are known to ask seemingly innocuous questions that reveal confidential information.
  • If an ITCS service technician needs your passphrase, you will be asked to type it in yourself. Ask for identification if you are not sure about the person. Change the passphrase after the technician leaves.
  • Never use the "remember this password" feature in your browser when logging in to programs or other ECU systems, such as Blackboard. Others can then log in to the application on your computer using your credentials. Hackers can also find the password file and use it to log on to the ECU network.
  • Lock your computer whenever you leave it.
  • Turn off your office computer each day before leaving.

 

Passphrase Security Standard

ECU's passphrase security standard ensures accounts are protected from unauthorized use.

7.3.1 Passphrases used to provide access to university information resources shall adhere to the following minimum requirements:

  • a) Passphrases shall be at least 8 characters in length.
  • b) Passphrases shall contain characters from 3 of the 4 character classes:
    • Numeral
    • Upper case letter
    • Lower case letter
    • Special character (e.g., !, @, #, *, ?)
  • c) Passphrases shall be changed at a minimum of once every 90 days and shall not use any of the user account's previous 6 passwords.

7.3.2 New user account passphrases and temporary passphrases shall be controlled to prevent disclosure to unauthorized persons. This shall include:

  • a) authenticating a person’s identity before providing a new or temporary passphrase
  • b) providing new or temporary passphrases that are difficult to guess by others
  • c) delivering new and temporary passphrases securely, and in a separate communication from new account notifications
  • d) requiring temporary passphrases to be changed upon login

7.3.3 Default product and vendor account passphrases shall be secured to prevent unauthorized access. Where technically feasible this shall include:

  • a) changing the default vendor passphrase immediately after account activation
  • b) disabling the account when it is no longer needed or between maintenance sessions