This article will cover frequently asked questions regarding the UNC Onyen.
Introduction
Onyen is the name for UNC’s universal log-in to gain access to various electronic resources on campus, especially UNC email. Although it is a word, you can think of it as an acronym for the “Only Name You’ll Ever Need.”
Q and A section
Onyen
Onyens are available to most members of the campus community.
- Every Onyen is associated with a particular person’s PID (Personal Identification Number).
- Each Onyen has its own password which can be used over secure connections for encrypted sessions to Web and other servers across campus.
UNC students, staff and faculty can use the Onyen Services home page to create and manage their Onyens, to subscribe to Onyen services, and use Onyen functions.
Please visit Creating an Onyen document for more detailed instructions on creating an Onyen. If you are creating an onyen in order to have access to UNC email, please see the following How do I get a UNC email account?
The Onyen Policy document outlines the policies, standards and terms of agreement associated with Onyens.
Can an Onyen be changed?
Onyens can be renamed under certain limited circumstances such as:
- Legal name change.
- An issue of personal security referred by the Office of University Counsel or University Police.
- If an Onyen is clearly offensive.
- To resolve a technical issue.
Onyens will not be renamed due to issues with Spam because this is not an effective deterrent from receiving unsolicited email.
How long will my Onyen stay active after I leave the University?
How long your Onyen will remain active depends on several factors. For students, the general rule is 180 days after the end of your last semester. Staff generally lose their access the day they leave the University. See the Onyen Policy for more details. Access to email, files, and specific computing services are determined on a service-by-service basis and may end at any time after your affiliation with the University ends. Before you graduate, please be sure to remove or transfer any data you need to keep.
Can I get a temporary Onyen to administer a UNC web site for a department or an individual if I am not affiliated with UNC?
In order to create an Onyen, you must be affiliated with the University in some capacity. This is because a PID (Personal ID Number) and an active affiliation are required to create an Onyen. PIDs are managed by the PID Office. Information about UNC affiliation, including a list of affiliation types, is available on the PID Office website. There is a procedure for contract employees that may solve this issue, but this requires that the sponsoring department contact the PID office. If the person does not meet any of the requirements on the PID page, then they will not be given a PID and will not be able to create an Onyen.
Onyen Password
How should I choose a password?
Your password must comply with University requirements (see the Password Standard).
The following is recent guidance from SANS, one of the leading Information Security organizations:
The days of crazy, complex passwords are over. Those passwords are hard to remember, difficult to type, and with today’s super-fast computers can be easy for a cyber attacker to crack. The key to passwords is to make them long; the more characters you have the better. These are called passphrases: a type of strong password that uses a short sentence or random words. Here are two examples:
- Time for strong coffee!
- lost-snail-crawl-beach
Both of these are strong, with over twenty characters, easy to remember, and simple to type but difficult to crack. You will run into websites or situations requiring you to add symbols, numbers, or uppercase letters to your password, which is fine. Remember though, it’s length that is most important.
Password Do's:
- Change your Onyen password at least annually, to protect you from identity theft and prevent unauthorized use of your personal information.
- We recommend using a password manager. UNC faculty, staff, and students have access to the Premium version of LastPass password manager. See this LastPass article for more information
Password Dont's:
- Do not base your password on any items of personal information (e.g. PID, Social Security number, street address, birthdays, names of family members, etc.).
- Refrain from using popular words especially if your password is less than twenty characters (e.g. heel2026, oldwell1, pa$$word, C@R0L!N@ for CAROLINA); sophisticated password-cracking programs try these words and their combinations first.
- Do not write down your password anywhere.
- Do not share passwords with anyone. All passwords should be treated as sensitive, confidential information.
- Don’t reveal a password over the phone to ANYONE, including computer support personnel. Support personnel never initiate a call by requesting a password.
- Don’t reveal a password in an email message.
- Don’t hint at the format of a password (e.g. “my favorite pet.”)
- Don’t reveal a password on questionnaires or security forms.
- Don’t use the “Remember Password” feature of applications (e.g. Internet Browser).
For additional information about this and other security issues, please visit the Safe Computing site.
What services will be affected when I change my Onyen password?
Many services (including, but not limited to, HeelMail and Sakai) will be affected when you change your Onyen password.
What happens if I don’t change my Onyen password before it expires or I forget my Onyen password?
Passwords expire every year. If your Onyen password expires, you will be unable to access any services that use Onyen for authentication. If your password was working recently but now is not, then it may just be expired. Follow these steps to reactivate your expired Onyen or reset your forgotten password.
Why is the Onyen Password Security important to me?
In most cases, your Onyen password is the only authentication method for many critical network services. It may seem extreme to have a complex password policy, the protection it affords campus computer systems and the identities of faculty, staff, and students is immeasurable. Many Onyen users have access to sensitive and private information such as financial, medical, or research information. Strict password requirements help prevent unauthorized access to your e-mail and other files and to critical and confidential data. Therefore, even though it may seem inefficient to remember one new password every year, it is vital to ensuring the protection of everyone's important data. Imagine years of research data deleted or improperly modified because of a leaked or cracked password. The impact of such an event is unthinkable, and by enforcing a strict password policy this type of occurrence and other disasters may be prevented. The following are a few examples of what an attacker can do with your Onyen password:
- affect your class registration
- assume your identity
- send fraudulent e-mails
- divert direct deposits
- access your address, phone number, full name, date of birth, etc.
- change One Card account balances and other information
- register you for unwanted services