The certificate in your computer and the information in your account are protected by passwords that only
you know. It is very important that you remember these passwords, and that you protect them as you would
any piece of identification. To simplify matters, you may wish to use the same word, phrase, or numbers in
both cases, but this is not necessary. If you must write down either of your passwords, please keep them
in a secure place, away from your computer.
Select from these frequently asked questions about passphrases and passwords:
What is the difference between a passphrase and a password?
What are the rules for creating an IdenTrust account passphrase?
What happens if I forget my account passphrase?
Smart Card or USB Token users:
What is a passcode or passphrase?
What happens if I forget my passcode / passphrase?
Internet Explorer users:
What is the CryptoAPI Private Key password?
What happens if I forget my password?
Mozilla Firefox users:
What is the Master Password?
What happens if I forget my Master Password?
Washington State government users:
What is a Roaming Client Password?
What happens if I forget my Roaming Client Password?
Summary of types of passwords associated with different certificate programs offered by IdenTrust:
| Password Type: | IdenTrust Account Passphrase | CryptoAPI Private Key Password | Master Password | SafeNet Passcode | Datakey Passphrase | Roaming Client Password |
|---|---|---|---|---|---|---|
| Password purpose: | account maintenance | allow use of certificate | allow use of certificate | allow use of certificate | allow use of certificate | allow use of certificate |
| Certificate Type: | | | | | | |
| State of Washington Basic - Software | x | | | | | |
| State of Washington Basic - Roaming | x | | | | | |
| State of Washington Intermediate and High | x | | | | | |
| ACES (federal government) | x | | | | | |
| ECA Medium (Dept of Defense) | x | | | | | |
| ECA Medium Hardware (DOD) | x | | | | | |
| TrustID | x | | | | | |
NOTE: All marks, logos and company names referenced in this page are trademarks of their respective owners.
1. What is the difference between a passphrase and a password?
Your IdenTrust account passphrase protects your account services. You will need your passphrase to
retrieve your certificate, check your account status, revoke your certificate, and renew your account
each year.
Your password is called a Master Password, CryptoAPI Private Key password, Passcode, Passphrase,
or Roaming Client Password, depending on the service you have selected and the hardware and software you use
with your certificate. This password protects the certificate in your computer, and is used each time you
use the certificate.
You may use the same string of letters and numbers for both your passphrase and password; however, the
two are not linked, so changing one of them will not affect the other.
2. What are the rules for creating an IdenTrust account passphrase?
An IdenTrust account passphrase must be 8 – 30 characters in length. It can consist of letters, numbers,
and any special characters except ( ) \ / “ *. The passphrase is case-sensitive (UPPER CASE and
lower case letters are not the same thing).
The passphrase should be something that you will be able to remember, but that others will find difficult
to guess.
You create your passphrase when you register for an IdenTrust certificate.

3. What happens if I forget my account passphrase?
For reasons of security and non-repudiation, no person or equipment has access to your unencrypted
passphrase, so there is no mechanism for us to look up your passphrase if you forget it. If you forget your
passphrase, you will need to reset it. You can do this by going to the
Certificate Management Center and beginning to log in.
When presented with the Choose a digital certificate dialog screen, click Cancel.

On the next screen, enter your account number, and then click the I forgot my passphrase
link.

You should see the following screen indicating that passphrase assistance instructions have been sent to your
email address.

Follow the instructions in the email to allow you to reset your passphrase. If you cannot remember the answers
to your secret questions, you will have to apply for a new certificate.
Smart Card or USB Token users:
4. What is a passcode or passphrase?
This is the security code that you create when you retrieve your hardware-based certificate. We recommend
that the passcode or passphrase be at least 6 characters in length, and it may be as long as 20 characters.
It can consist of letters, numbers, and/or special characters. The passphrase is case-sensitive
(UPPER CASE and lower case letters are not the same thing). You will use this passcode or passphrase each
time you access the certificate on your smart card or USB token.
5. What happens if I forget my passcode / passphrase?
If you forget your token’s passcode/passphrase, you will not be able to use your certificate until you
re-initialize the token and do a key recovery. This process
usually takes 3-5 business days to complete.
If your organization has a Certificate Coordinator, Trusted Internal Correspondent, or Local Registration Agent
registered with us, you can contact that person to initiate a key recovery.
For State of Washington program key recoveries, please follow these steps to initiate a key recovery:
- Open the web page of our Certificate Management Center.
- If you are asked to choose a certificate to log in with, click Cancel.
- Enter your account number and your IdenTrust account passphrase when prompted. (Your account number can
  be found in the paper letter you received when your account was approved. Your IdenTrust Account passphrase is
  the password you chose online when you applied for the certificate.)
- In the section that lists your Valid Certificates, make sure the encryption certificate
  for your token or Smart Card is selected (highlighted).
- In the drop-down box under the Valid Certificates, select I would like to request recovery of
  my certificate, and click the Continue button.
- Follow the onscreen instructions to complete the key-recovery request.
Your request will then be processed by our Registration department. Once the request has been approved, you
will be sent a letter (via US mail) with new retrieval information. You may then retrieve the new certificate
by following the same process you used when initially retrieving it. You may visit
www.identrust.com/app-status.html to track the status of your application.
If you have a Smart Card or USB token for an ECA certificate, you will need to do an
ECA Program Key recovery. Directions are available on
that page.
Internet Explorer users:
6. What is the CryptoAPI Private Key password?
This is the password that you create during the retrieval process to protect your certificate, and will be
used each time you use or export the certificate.
We recommend that this password be at least 6 characters in length, and it may be as long as 30 characters.
It can consist of letters, numbers, and special characters. The passphrase is case-sensitive (UPPER CASE and
lower case letters are not the same thing). To protect your certificate, we recommend that you do not
check the Remember password box.
The CryptoAPI Private Key password is stored in the Internet Explorer browser within your computer and
IdenTrust never has access to it. It allows you to encrypt and decrypt data and to authenticate transactions
using your digital certificate.
7. What happens if I forget my CryptoAPI Private Key password?
IdenTrust never has access to your CryptoAPI Private Key password, so we are unable to help you retrieve it
if it is lost or forgotten. If you forget this password, you will not be able to use your current certificate
and will need to replace it. This process will take approximately 3-5 business days, and will be done without
charge to you. For more information on replacing a certificate, please read the FAQ on
replacing your certificate.
Mozilla Firefox users:
8. What is the Master Password?
This is the password that you create during the retrieval process to protect your certificate, and will be
used each time you use or back up the certificate.
This password should be at least 6 characters in length, and can be as long as 20 characters.
It can consist of letters, numbers, and special characters. The passphrase is case-sensitive (UPPER CASE and
lower case letters are not the same thing). The password is created and stored in Mozilla Firefox within your
computer, so IdenTrust never has access to it.
9. What happens if I forget my Master Password?
If you forget your Master Password, you will not be able to use your certificate and will have to replace it.
If you have multiple certificates, you won’t be able to use any of them. You will need to erase the
certificate(s) and replace it (them).
Follow these steps to delete and replace your certificate(s). These steps will permanently erase your
certificate(s), so only follow this process if you have forgotten your Master Password.
- Click the Tools menu at the top of the Firefox browser window.
- Click Options. Depending on your version of Firefox, the icons will be
  on either the left side or the top of the Options window.
- Click Advanced.
- Open the Certificate Manager window:
  - If your icons are at the top of the Options window, click the Security tab, and
    then click View Certificates.
  - If your icons are on the left side, look for
    Certificates in the main part of the Options window. Under the Certificates
    heading, click Manage Certificates.
- Select the certificate you want to delete, and click the Delete button.
- Click OK when asked whether you are sure you want to delete the certificates.
To obtain a new IdenTrust certificate to replace the deleted one, please see the FAQ on
replacing your certificate.
Washington State agency users:
10. What is a Roaming Client Password?
This password is created after you retrieve your certificate. It should be at least 8 characters in length,
and must contain at least one upper case letter, one lower case letter, and one number; it may also contain
special characters. You will use this password to log in every time you request access to the certificate.
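The length and character rules given in questions 2, 4, 6, 8 and 10 can be checked side by side. The following is an added example, not part of the IdenTrust FAQ and not IdenTrust's own software; the names Policy, POLICIES, violations, check_all and shared_length_window are illustrative, and the sample passphrase is constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:
    min_len: int
    max_len: Optional[int] = None   # None: the FAQ states no maximum
    forbidden: str = ""             # characters the FAQ excludes
    mixed: bool = False             # needs upper case, lower case and a number

# Limits as stated in this FAQ; recommended minimums are enforced here (assumption).
# The FAQ prints a curly quote; the straight double quote is rejected too (assumption).
POLICIES = {
    "IdenTrust account passphrase": Policy(8, 30, forbidden='()\\/"\u201c*'),
    "Smart card / USB token passcode": Policy(6, 20),
    "CryptoAPI Private Key password": Policy(6, 30),
    "Firefox Master Password": Policy(6, 20),
    "Roaming Client Password": Policy(8, mixed=True),
}

def violations(policy: Policy, candidate: str) -> list:
    """Return the rules broken by candidate as short messages."""
    found = []
    if len(candidate) < policy.min_len:
        found.append(f"shorter than {policy.min_len} characters")
    if policy.max_len is not None and len(candidate) > policy.max_len:
        found.append(f"longer than {policy.max_len} characters")
    bad = sorted(set(candidate) & set(policy.forbidden))
    if bad:
        found.append("contains excluded character(s): " + " ".join(bad))
    if policy.mixed:
        for label, test in (("upper case letter", str.isupper),
                            ("lower case letter", str.islower), ("number", str.isdigit)):
            if not any(map(test, candidate)):
                found.append(f"no {label}")
    return found

def check_all(candidate: str) -> dict:
    """Map each password type to its violations (empty list means accepted)."""
    return {name: violations(p, candidate) for name, p in POLICIES.items()}

def shared_length_window() -> tuple:
    """Length range that every password type on this page accepts."""
    lo = max(p.min_len for p in POLICIES.values())
    hi = min(p.max_len for p in POLICIES.values() if p.max_len is not None)
    return lo, hi

if __name__ == "__main__":
    print(check_all("Constructed(sample)phrase-2024"), shared_length_window())
```

A single string intended for every password type has to fit the narrowest limits: 8 to 20 characters, none of the excluded characters, and at least one upper case letter, one lower case letter and one number.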
11. What happens if I forget my Roaming Client Password?
If you need to change the password because you have forgotten the current one, it can be done through the
Certificate Management Center (CMC).
When you click the link for the CMC, it will initially ask you to choose a certificate to log in with.
Click Cancel on that screen. This will allow you to log in using your account number and
IdenTrust Account Passphrase. You must know your IdenTrust Account Passphrase to reset your Roaming Client
Password. If you do not remember the passphrase, you can reset it by going to the
Certificate Management Center and clicking on the
link that says I forgot my passphrase; you will then be sent an email asking you to
provide answers to your secret questions so that we can reset your passphrase.
Once you have logged in, select the Manage your certificates section, where there is an
option to Change your Roaming Password.