Skip to main content

Search this Site

DartPulse Alerts

Chrome Printing Issues

 

DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with ITS

facebook twitter Wordpress Blog

PKI Passwords

Selecting a Password

Do not share the password for your PKI certificate with anyone. However, it must be easy enough for you to remember because the password used to protect a certificate is only known on your computer or eToken (depending upon where your certificate is stored) and cannot be recovered by your local computer support staff.

Encrypting a file and then finding out you are unable to decrypt it is a painful experience. It is very important to create a password you will remember. Select your password very carefully in advance of obtaining your key pair and certificate.

Some password do's and don'ts:

  • Don't use your name, address, or any similar personal information for your password.
  • Don't use any single word or pair of words even if it is in a language other than English, as it is very vulnerable to a dictionary attack (when a computer runs through all the words in a dictionary until it finds your password).
  • Don't use a short password. Eight characters is the minimum required length.
  • Do use a mixture of lower- and upper-case letters and digits: "m1Xed2kZ''.
  • Don't use an easy-to-guess sequence like "qwerty'' or "345678''.
  • Do use mnemonics to help you remember your password: "mpiNfy'' - my password is not for you.
  • Do change your password regularly.
  • Don't use any of the passwords listed here.

Top of page

Resetting Certificate Passwords

eTokens

To reset the current password for the certificate on your eToken, plug the eToken into a Windows computer that has the eToken software installed on it. Click Start, Programs, eToken, then eToken Properties. Click the Change Password button. In the Current Token Password field, enter the password currently on the token. (Only bullets will appear so that someone looking over your shoulder cannot see what you are typing.) In the New Token Password field, enter the new password you want for the certificate on the eToken. In the Confirm Token Password field, enter the same new password. If what you entered in the New Token Password field is the same as what you entered in the Confirm Token Password field, the OK button will become active. Click OK; your certificate password will be changed.

If you do not remember your current password, the eToken will need to be reformatted and a new certificate installed in order to change the password.

Internet Explorer 5.5.x and Greater

If you are using Internet Explorer on a Windows computer, passwords that protect certificates are set when the certificate is created or imported. Each certificate can have a separate password. Software certificates are stored in the registry. There is no explicit feature for changing the password. A password can be changed by exporting the certificate with the Certificate Export Wizard, then re-importing the key, changing the Wizard's options to set a new password. You can access the Wizard by selecting Internet Options from the Tools menu. Select the Content tab, then click the Certificates button. Select the certificate and click the Export button. To reload the certificate, click the Import button.  

Firefox and Netscape

The Firefox and Netscape browsers provide their own certificate store in the file system. Each user profile has one password used to unlock the certificate store for that user profile. If you do not know the master password, the computer can be reset, but this operation will delete the user certificates stored on the computer.

Firefox 1.5 or 2.0

Select Options from the Tools menus (or Preferences from the Firefox menu on Mac OS X) and select the Privacy tab (Windows) or the Security tab (Macintosh or for both platform versions of Firefox 2.0). Click the Set Master Password button after checking the Remember Passwords or Use a Master Password box, then enter and verify a password, then click OK.

Note: An existing password can be changed, provided the previous password is known.

Netscape 7.x

Select Preferences from the Edit menu and open the Privacy & Security section in the left column.

  • The Change Password button allows the existing password to be changed, provided the previous password is known.
  • The Reset Password button allows the existing password to be reset, but this operation will delete the user certificates stored on the computer.

Netscape 8.x

To change the master password,

  • Select Options from the Tools menu, then open the Privacy section. Select Passcard Manager, then click the Change Password button.
  • The Change Password button allows the existing password to be changed, provided the previous password is known.

To reset the master password,

  • Select Options from the Tools menu, then open the Privacy section. Select Passcard Manager, then click the Change Master Password button.
  • If you reset your master password, all of your stored Web and e-mail passwords, form data, and personal certificates will be lost.

Netscape 9.x

  • Select Options from the Tools menu, then open the Security section. Select Use a Master Password, then click Change Master Password.
  • If you reset your master password, all of your stored Web and e-mail passwords, form data, and personal certificates will be lost.

Safari

  • Certificates are stored in the Macintosh KeyChain. Certificates can be managed with an application named KeyChain Access that can be accessed in the Utilities folder in the Applications folder under the GO menu. Information about working with KeyChain Access can be found in the Help menu.

Top of page

Last Updated: 7/24/13