CalNet IS-3 Passphrase Reset Project

Overview

CalNet IS-3 Passphrase Change Project is an initiative intended to align CalNet with new passphrase requirements laid out in the latest update of the University of California’s systemwide Information Security Policy, IS-3.

All CalNet passphrases created or changed on or after September 1, 2020 will automatically meet these new IS-3 requirements; all other passphrases will need to be changed. This change does not apply to Sponsored Guests.

Why the change?

The new version of IS-3 requires that we follow different passphrase standards. These requirements were added to CalNet passphrase tools and as of Sept. 1, 2020, any new passphrases created or changed meet the new standards. We will roll out these requirements to cohorts. 

What changed?

The regular passphrase increased in length from 9 to 12 characters and people can now select to use a long passphrase (more than 20 characters) with no complexity requirements. 

What to expect:

  • The Information Security Office will select small cohorts on a rolling basis and notify each cohort of their window of time to update their CalNet passphrases.
  • When the individuals in the selected cohort log into campus systems that use the CalNet Authentication Service (CAS) they will receive a special “Password Change Required” prompt via the CAS login screen. 
  • Each cohort will have one week to complete the change. If the individuals miss the window they will be automatically redirected to change their passphrase.

How to change your CalNet passphrase:

  1. Review and update (or add) a Recovery Email Address
  2. Follow the instructions to Change your Passphrase. Do not reuse this passphrase for any other account!
    1. If you have a UC Berkeley managed computer, follow the steps in this KB article to update your local account.
  3. Sign up for a free LastPass Premium account to keep your passwords safe.

FAQs:

  1. What if my old passphrase already meets the new requirements? The system only knows that you meet the new requirements if you changed your passphrase after September 1, when the technical requirements were in place. Therefore, you will still need to change your passphrase.

  2. Can I reuse a previous passphrase? No, the system will not accept reused CalNet passphrases.

  3. Can I update my passphrase before being contacted? Yes! In fact, we encourage it. Just follow the instructions above and you will be automatically removed from our contact list.
  4. How can I update my passphrase on my UC Berkeley managed machine? If you use your CalNet ID and passphrase to log in to your campus-managed Windows or Macintosh machine, you may have trouble logging in after you update your passphrase. To avoid difficulties, follow these the steps in this KB article.

  5. I can't remember a bunch of passwords, can't I just reuse a passphrase that I use for my other site? No! Sites can get breached and attackers can test other accounts to see if you’ve reused your passphrase. UC Berkeley users can get free LastPass Premium account and leverage LastPass to create and manage unique passphrases for all your accounts.

Additional Information:

CalNet's Manage My CalNet Account Page

For specific questions contact calnet@berkeley.edu