IdenTrust Inc. Logo
Home | My Account | Contact Us  

SUPPORT GENERAL ACES ECA IGC SSL TRUSTID
PASSPHRASE, PASSWORD, PASSCODE FAQ's

Support > Most Popular: Password and Passphrase

The certificate in your computer and the information in your account are protected by passwords that only you know. It is very important that you remember these passwords, and that you protect them as you would any piece of identification. To simplify matters, you may wish to use the same word, phrase, or numbers in both cases, but this is not necessary. If you must write down either of your passwords, please keep them in a secure place, away from your computer.

Select from these frequently asked questions about passphrases and passwords:

  1. What is the difference between a passphrase and a password

  2. What are the rules for creating an IdenTrust account passphrase?

  3. What happens if I forget my account passphrase?

Smart Card or USB Token users:

  1. What is a passcode or passphrase?

  2. What happens if I forget my passcode / passphrase?

Internet Explorer users:

  1. What is the CryptoAPI Private Key password?

  2. What happens if I forget my password?

Mozilla Firefox users:

  1. What is the Master Password?

  2. What happens if I forget my Master Password?

Summary of types of passwords associated with different certificate programs offered by IdenTrust:

Password Type: IdenTrust Account Passphrase CryptoAPI Private Key Password Master Password SafeNet Passcode Datakey Passphrase
Password purpose: account maintenance
allow use of certificate
Certificate Type:
ACES (federal government)
x
ECA Medium (Dept of Defense)
x
ECA Medium Hardware (DOD)
x
TrustID
x


NOTE: All marks, logos and company names referenced in this page are trademarks of their respective owners.

1. What is the difference between a passphrase and a password?

Your IdenTrust account passphrase protects your account services. You will need you passphrase in order to retrieve your certificate, check your account status, revoke your certificate, and in order to renew your account each year.

Your password is called a Master Password, CryptoAPI Private Key password, Passcode, Passphrase, or Roaming Client Password, depending on the service you have selected and the hardware and software you use with your certificate. This password protects the certificate in your computer, and is used each time you use the certificate.

You may use the same string of letters and numbers for both your passphrase and password; however, the two are not linked, so changing one of them will not affect the other.

2. What are the rules for creating an IdenTrust account passphrase?

An IdenTrust account passphrase must be 8 – 30 characters in length. It can consist of letters, numbers, and any special characters except ( ) \ / “ *. The passphrase is case-sensitive (UPPER CASE and lower case letters are not the same thing).
The passphrase should be something that you will be able to remember, but that others will find difficult to guess.

You create your passphrase when you register for an IdenTrust certificate.


3. What happens if I forget my account passphrase?

For reasons of security and non-repudiation, no person or equipment has access to your unencrypted passphrase, so there is no mechanism for us to look up your passphrase if you forget it. If you forget your passphrase, you will need to reset it. You can do this by going to the Certificate Management Center and beginning to login. When presented with the Choose a digital certificate dialog screen, click Cancel.


On the next screen, enter your account number, and then click the I forgot my passphrase link.

You should see the following screen indicating that passphrase assistance instructions have been sent your email address.


Follow the instructions in the email to allow you to reset your passphrase. If you cannot remember the answers to your secret questions, you will have to apply for a new certificate.


Back to top

Smart Card or USB Token users:

4. What is a passcode or passphrase?

This is the security code that you create when you retrieve your hardware-based certificate. We recommend that the passcode or passphrase be at least 6 characters in length, and it may be as long as 20 characters. It can consist of letters, numbers, and/or special characters. The passphrase is case-sensitive (UPPER CASE and lower case letters are not the same thing). You will use this passcode or passphrase each time you access the certificate on your smart card or USB token.

5. What happens if I forget my passcode / passphrase?

If you forget your token’s passcode/passphrase, you will not be able to use your certificate until you re-initialize the token and do a key recovery. This process usually takes 3-5 business days to complete.

If your organization has a Certificate Coordinator, Trusted Internal Correspondent, or Local Registration Agent registered with us, you can contact that person to initiate a key recovery.

Your request will then be processed by our Registration department. Once the request has been approved, you will be sent a letter (via US mail) with new retrieval information. You may then retrieve the new certificate by following the same process you used when initially retrieving it. You may visit www.identrust.com/app-status.html to track the status of your application.

If you have a Smart Card or USB token for an ECA certificate, you will need to do an ECA Program Key recovery. Directions are available on that page.

Back to top

Internet Explorer users:

6. What is the CryptoAPI Private Key password?

This is the password that you create during the retrieval process to protect your certificate, and will be used each time you use or export the certificate.

We recommend that this password be at least 6 characters in length, and it may be as long as 30 characters. It can consist of letters, numbers, and special characters. The passphrase is case-sensitive (UPPER CASE and lower case letters are not the same thing). To protect your certificate, we recommend that you do not check the Remember password box.

The CryptoAPI Private Key password is stored in the Internet Explorer browser within your computer and IdenTrust never has access to it. It allows you to encrypt and decrypt data and to authenticate transactions using your digital certificate.

7. What happens if I forget my CryptoAPI Private Key password?

IdenTrust never has access to your CryptoAPI Private Key password, so we are unable to help you retrieve it if it is lost or forgotten. If you forget this password, you will not be able to use your current certificate and will need to replace it. This process will take approximately 3-5 business days, and will be done without charge to you. For more information on replacing a certificate, please read the FAQ on replacing your certificate.

Back to top

Mozilla Firefox users:

8. What is the Master Password?

This is the password that you create during the retrieval process to protect your certificate, and will be used each time you use or back up the certificate.

This password should be at least 6 characters in length, and can be as long as 20 characters. It can consist of letters, numbers, and special characters. The passphrase is case-sensitive (UPPER CASE and lower case letters are not the same thing). The password is created and stored in Mozilla Firefox within your computer, so IdenTrust never has access to it.

9. What happens if I forget my Master Password?

If you forget your Master Password, you will not be able to use your certificate and will have to replace it. If you have multiple certificates, you won’t be able to use any of them. You will need to erase the certificate(s) and replace it (them).

Follow these steps to delete and replace your certificate(s). These step will permanently erase your certificate(s), so only follow this process if you have forgotten your Master Password.

  1. Click the Tools menu at the top of the Firefox browser window.

  2. Click Options. Depending on your version of Firefox, the icons will be on either the left side or the top of the Options window.

  3. Click Advanced.

  4. Open the Certificate Manager window:

    1. If your icons are at the top of the Options window, click the Security tab, and then click View Certificates.
    2. If your icons are on the left side, look for Certificates in the main part of the Options window. Under the Certificates heading, click Manage Certificates.

  5. Select the certificate you want to delete, and click the Delete button.
  6. Click OK when asked whether you are sure you want to delete the certificates.

To obtain a new IdenTrust certificate to replace the deleted one, please see the FAQ on replacing your certificate.

Back to top




RELATED CONTENT
Certificate Management Center
Application Status
FAQ: Before You Buy
HOW-TO: Backup a Certificate
HOW-TO: Replace a Certificate
FAQ: General
FAQ: ACES
FAQ: ECA
FAQ: IGC
FAQ: TrustID
PKI Basics
Certificate Security and Protection
Help using your Certificate
Change Control Schedules
Support Main
 

FEDERAL AGENCY PROGRAMS
Department of State
D-Trade
Department of Treasury IRS
Secure Data Transfer
MeF Electronic Filing Certificate
General Services Administration
eOffer

STATE AGENCY PROGRAMS
Florida
City of Tallahassee
Department of Transportation
JCalendar for State Court Systems
Maine
West Virginia
Department of Environmental Protection
Virginia
Department of Transportation (VDOT)
Department of Mines Minerals and Energy (DMME)
IdenTrust, Inc. BBB Business Review WebTrust WebTrust Baseline EHNAC EHNAC GSA Schedule SOC We self-certify compliance with

© IdenTrust, Inc. All Rights Reserved.    Home | Contact Us | Legal Policies Follow us: Follow IdenTrust on Twitter