Cyber Security: Passphrases and Passwords

Audience: Faculty, Staff and Students

This KB Article References: Cyber Security
This Information is Intended for: Faculty, Staff, Students
Last Updated: February 08, 2018

What is a passphrase? 

A passphrase is an easier to remember password that is longer and therefore stronger. 

Password length most directly influences password strength.  So a longer passphrase made of simpler components is more effective than a shorter, super complex password that is difficult to remember.  

Using spaces in your passphrase add complexity while making it easier to remember and can be considered to be a special character like !@#$%^&*().

Examples:

  • Pizza123 - A very week password

  • I ate two slices of pizza - Better

  • I ate 2 slices of p1zz4! - Best

 

Passphrase/Password Complexity

Use passphrases of 16+ characters, and avoid sequential numbers/letters and dictionary words.

Passphrases are easier to remember than traditional passwords or random character strings and longer (therefore less hackable). Many sites/applications allow you to use special characters, punctuation, and even spaces. Switch a few letters for characters and use both upper and lower case for the best passphrase, so you could have a passphrase like this (but don't use this one!):

I ne3d a rea1ly b!g coff3e n0w!

Unique Passphrases

Use a different, unique passphrase for each program/application. By doing this - if one of your passphrases is compromised, your other accounts will be still secure. 

Changing Passphrases

Plan to change your passphrases every 3-6 months. Learn how to change your NetID passphrase.

Managing Passphrases

Overwhelmed by the thought of needing separate passphrases for all your accounts AND needing to change them regularly? Consider using a password manager.

Password Privacy

  • Do not share your passphrases - this includes sharing passphrases via text message, phone call, email, and online form. 
  • Try to avoid writing passphrases down - passphrases should never be stored in a document on your computer; if you must write down a new passphrase, write it down and carry it with you (and be sure to destroy the paper once you've memorized it)

Keep your passphrases private and do not share them. Know that DoIT will NEVER ask for your passphrase through email nor over the phone, and you should never submit your passphrase in a email/web form. Learn more about Phishing Scams.   

If you receive an email that is suspicious but inadvertently fill out a form or click on a link, contact Customer Engagement & Support and change your NetID passphrase immediately.

View previously recorded training or request training on this!

Additional Information


There are no additional resources available for this article.

Getting Help


The Division of Information Technology provides support on all of our services. If you require assistance please submit a support ticket through the IT Service Management system.

Submit A Ticket

Supported By


Customer Engagement and Support