Effective November 17, 2021, users of eRA Commons (including Commons Mobile, ASSIST, and IAR) who change their passwords will be required to use a passphrase — a set of random words or a sentence at least 15 characters long — instead of a password. The change is designed to make passwords easy for users to remember but hard for others to guess. We previously communicated this change in a Nexus article and in targeted messages.
Even though eRA is moving to use of two-factor authentication (Login.gov or InCommon Federated Account), users still need to maintain their eRA Commons username and password/passphrase and will get reminders to reset the password annually. With this move, users will need to change their passphrase only once a year (as opposed to the current NIH policy that requires passwords to be changed every 120 days).
eRA users can reset their password by clicking the Forgot Password/Unlock Account link on the eRA Commons Login screen; see Figure 1. This link brings up the Reset Password screen where users enter their eRA Commons user ID and email associated with their eRA account.
Figure 1: Forgot Password/Unlock Account link on eRA Commons Login screen.
Users then receive an email with a temporary password. Upon eRA Commons login with the temporary password, which can be copied from the email and pasted into eRA Commons screens, the Change Password screen appears; see Figure 2. They might also be forwarded to this screen if logging into a new account or if their administrator has reset their password.
Figure 2: eRA Commons Change Password screen.
When the validation messages on the right indicate that password requirements have been met, the user clicks the Submit button to change the password.
After November 17, if eRA Commons users reset their passwords for any reason, they should keep the following password requirements in mind:
Password length is 15 characters minimum.
Password can be phrases including spaces and all printable characters, but special characters are not required.
Going forward, passwords must be reset less frequently, only once per year.
The password is case sensitive and cannot be reused within 10 passphrase cycles.
Please look for updated content and an updated eRA password policy document on November 17 on the Change Password page of the eRA website.