The CNetID passphrase is an alternative to the CNetID password and functions identically to a CNetID password by authenticating you for all the common services you are eligible to use based on your affiliation with the University.
If you struggle to create and remember complex passwords, a passphrase is an equally secure option. Passphrases are simple sentences that are more secure due to their length rather than their complexity. Passphrases at the University of Chicago must be at least nineteen characters long. For more tips for creating secure passwords and passphrases, please read the article Strengthen and Secure Your Passwords or Passphrases.
Expand the sections below to see more details that will help you increase your password security.
Use two-factor authentication (2FA)
Don't use the same password or passphrase for all your accounts.
Using the same password or passphrase for multiple services is very dangerous. If your credentials are stolen from one service, hackers can use them to access all the accounts where you used them. Always consider what you are protecting when choosing a password or passphrase. You may not need the same level of security for accounts where you do not use any private information. If you are unsure, always err on the side of caution and use a unique password or passphrase.
Of course, it is very difficult to remember more than a few unique passwords and keep track of where you have used them! Consider using a password or passphrase manager, such as Password Safe or LastPass to help you manage multiple passwords and passphrases. These tools often require you to make a “master” password that you use to unlock them – make this a very strong password that you can always remember. If you forget it, you may risk losing your password safe’s contents.
Never share your password or passphrase.
Don’t even share your passwords with friends or family members. Especially do not give them your CNet password or passphrase to gain access to any UChicago service, such as the virtual private network (VPN) or the wireless networks on campus. This is a violation of the Eligibility Acceptable Use Policy (EAUP). Instead, give your guest a temporary password or passphrase through the Uchicago Guest Network.
Your password or passphrase is like your signature. Giving it out to others amounts to giving them the authority to sign your name, which makes you responsible for all activities associated with your account.
Change your password or passphrase when there's any sign of trouble
Don't store your password or passphrase within web applications.
The sole exception is what we’ll call throwaway passwords. Throwaway passwords are passwords or passphrases for accounts that you do not care about and which do not contain sensitive information, such as credit card information, medical history, phone records, etc. A throwaway password might be one of several passwords you reuse for services or applications you rarely visit, that you don’t care about being cracked by hackers, and that do not contain confidential data.
Never use information in a password or passphrase that can be found online.
Store written copies of your passwords or passphrase safely.
Here are some tips for safely storing a hard copy of your password:
- Never write down the name of the service the password is for. For example, if the password is for an Adobe application, do not write Adobe: spacecamp MashedPotatoes4! on a sheet of paper, no matter how safe you think that sheet of paper is!
- Leave some characters out. Instead of writing “spacecamp MashedPotatoes4!” write down an abbreviated form that only you’ll understand, such as sc MP4!.
Use a password or passphrase escrow service.
Use non-secure networks with care.
You may also find useful information on our Travel Tips page.