eRA credential passwords expire after a year and must be reset. When your password has expired or has been reset, you will be directed to select a new password when you try to log in.
Even after you begin using two-factor authentication (Login.gov or InCommon Federated accounts that support NIH’s two-factor authentication standards) to log into eRA Commons, you will still receive prompts to change your eRA account password at least once per year. See https://www.era.nih.gov/faqs.htm#XXIV.
Your new password must conform to the standards listed on the screen. Also see Password Requirements.
- Enter your Current Password.
- Enter a New Password.
- Re-enter the new password in the Confirm New Password field.
- Select Submit.
Your new password is effective immediately.
IMPORTANT: Your old password might re-appear in the Password field if you have not cleared your browser's cache/history, especially if you had previously opted to save the password in the field. Make sure you are entering the new password before you attempt to log in. If unsure, clear the cache/history and log in again with the new password.
For security purposes, we recommend that you not use the browser's save password option.