Onyen and Password FAQs


What is an Onyen?

Please visit the What is an Onyen? document.

What are the supported browsers for the Onyen Services Site?

  • Microsoft Edge
  • Internet Explorer (IE, Version 9 – 11)
  • Firefox (Version 23 – Current Version)
  • Safari (Version 5 – Current Version)
  • Chrome (Version 28 – Current Version)

How do I find my Onyen?

If you do not know or have forgotten your Onyen:

  • Open a web browser and go to the Onyen Services site and click the Forgotten Onyen? button.
  • You will then be prompted for your PID (UNC ID #) and your last name.
  • Enter the above and click the Continue button.
  • The resulting page will show you your Onyen (and other related information).
  • Additionally, if you can log into HeelMail your user name used is your Onyen.

Can I change or rename my onyen?

Onyens can be renamed for the following reasons:

  • Where a legal name change has occurred (marriage, divorce, etc.).
  • Where there is an issue of personal security as determined by ITS and, as necessary, the Office of University Counsel.
  • Where the Onyen is clearly offensive.
  • Other requests will be reviewed on a case-by-case basis.
Onyens will not be renamed due to issues with Spam because this is not an effective deterrent from receiving unsolicited email.

How long will my Onyen stay active after I graduate?

Your Onyen will remain active for at least 180 days after your affiliation with the University ends unless an official request is made to end that access earlier. Access to email, files, and specific computing services are determined on a service-by-service basis and may end at any time after your affiliation with the University ends. Before you graduate, please be sure to remove or transfer any data you need to keep.

Can I get a temporary Onyen to administer a UNC web site for a department or an individual if I am not affiliated with UNC?

In order to create an Onyen, you must be affiliated with the University in some capacity. This is because a PID (Personal ID Number) and an active affiliation are required to create an Onyen. PIDs are managed by the PID Office.

Information about UNC affiliation, including a list of affiliation types, is available on the PID Office website. There is a procedure for contract employees that may solve this issue, but this requires that the sponsoring department contacts the PID office.

If the person does not meet any of the requirements on the PID page, then he will not be given a PID and will not be able to create an Onyen.

Onyen Password

How should I choose a password?

Your password must comply with University requirements (see the Password Standard).

The following is recent guidance from SANS, one of the world’s leading Information Security organizations: 

The days of crazy, complex passwords are over. Those passwords are hard to remember, difficult to type, and with today’s super-fast computers can be easy for a cyber attacker to crack. The key to passwords is to make them long; the more characters you have the better. These are called passphrases: a type of strong password that uses a short sentence or random words. Here are two examples: 

  • Time for strong coffee! 
  • lost-snail-crawl-beach 

Both of these are strong, with over twenty characters, easy to remember, and simple to type but difficult to crack. You will run into websites or situations requiring you to add symbols, numbers, or uppercase letters to your password, which is fine. Remember though, it’s length that is most important. 

Other guidelines include: 

  • You will be required to change your Onyen password at least annually, to protect you from identity theft and prevent unauthorized use of your personal information.  
  • Do not base your password on any items of personal information (e.g. PID, Social Security number, street address, birthdays, names of family members, etc.). 
  • Refrain from using popular words especially if your password is less than twenty characters (e.g. heel2019, oldwell1, pa$$word, C@R0L!N@ for CAROLINA); sophisticated password-cracking programs try these words and their combinations first. 
  • Do not write your password down anywhere.  We recommend using a password manager.  See the Safe Computing site for additional information. 
  • Do not share passwords with anyone. All passwords should be treated as sensitive, confidential information. 
  • Don’t reveal a password over the phone to ANYONE, including computer support personnel. Support personnel should never initiate a call requesting a password. 
  • Don’t reveal a password in an email message. 
  • Don’t hint at the format of a password (e.g. “my favorite pet.”) 
  • Don’t reveal a password on questionnaires or security forms. 
  • Don’t use the “Remember Password” feature of applications (e.g. Internet Browser). 

For additional information about this and other security issues, please visit the Safe Computing site. 

What do I do if I have forgotten my Onyen password?

  • Visit the Onyen Services site then click on Reset Lost or Forgotten Password.  Enter the required Challenge Response information and other required info.
  • Passwords expire every year. If your password was working recently but now is not, then it may just be expired. Visit the Onyen Services site to change your expired Onyen password to a new one.
  • To prevent you from having to do this in the future, you are required to set up the Challenge-Response Questions system. You will then be able to reset your own password after answering a series of questions.

What services will be affected when I change my Onyen password?

Many services (including, but not limited to, HeelMail and Sakai) will be affected when you change your Onyen password. Please visit the Password Change Checklist for a more in-depth list of Onyen-Authenticated Services.

What if I don’t change my Onyen password before it expires?

  • If your Onyen password expires, you will be unable to access any services that use the Onyen for authentication. A list of these services is located in the Password Change Checklist.
  • If you remember your password, you can reset it at the Onyen Services site.
    • Click Create or Manage Password
    • Enter the appropriate information (Onyen, current password, new password twice) in the four blanks
    • click Change Password.
    • If you do not remember your password, please visit Reset Lost or Forgotten Password.
  • As always, feel free to come to The ITS Service Desk, located in the basement of the R. B. House Undergraduate Library and SASB-South, is open at the hours listed on the Walk-in Support Hours document.

Why is the Onyen Password Security important to me?

In most cases, your Onyen password is the only authentication method for many critical network services (please visit the Password Change Checklist). It may seem extreme to have a complex password policy, the protection it affords campus computer systems and the identities of faculty, staff, and students is immeasurable. Many Onyen users have access to sensitive and private information such as financial, medical, or research information. Strict password requirements not only help to prevent unauthorized access to your e-mail and other files but also to critical and confidential data. Therefore, even though it may seem inefficient to remember one new password every year, it is vital to ensuring the protection of everyone’s important data. Imagine years of research data deleted or improperly modified because of a leaked or cracked password. The impact of such an event is unthinkable, and by enforcing a strict password policy this type of occurrence and other disasters may be prevented. The following are only a few examples of the damage that an attacker can perpetrate with your Onyen password:

  • affect your class registration
  • assume your identity
  • send fraudulent e-mails
  • divert direct deposit information 
  • access your address, phone number, full name, date of birth, etc.
  • change One Card account balances and other information
  • register you for unwanted services

You are responsible for everything that occurs from your Onyen account. If your Onyen is used to commit a computer crime or violate University policy, in most cases you will be held responsible (please visit the Onyen Policy).

Do I Need to Change My Password if I Never Use My Onyen?

Click here for a list of sites that use the Onyen for access. If you do not use any of these services and therefore, you never use your Onyen, do not worry about the expired password. If you need access to these services in the future, your password will need to be changed at that time.

We recommend you set up the Challenge-Response Questions system so you may reset your own password, in case it is forgotten.