Cyber Security: Passphrases and Passwords

Audience: Faculty, Staff and Students

This KB Article References: NetID
This Information is Intended for: Faculty, Staff, Students
Last Updated: March 01, 2024
Average Rating: Not Rated
Your feedback is important to us, help us by logging in to rate this article and provide feedback.

What is a passphrase? 

A passphrase is an easier-to-remember password that is longer and therefore stronger. 

Password length most directly influences password strength.  So a longer passphrase made of simpler components is more effective than a shorter, super complex password that is difficult to remember.  

Using spaces in your passphrase adds complexity while making it easier to remember and can be considered to be a special character like !@#$%^&*().


  • Pizza123 - A very weak password

  • I ate two slices of pizza - Better

  • I ate 2 slices of p1zz4! - Best


Passphrase/Password Complexity

Use passphrases of 16+ characters, and avoid sequential numbers/letters and dictionary words.

Passphrases are easier to remember than traditional passwords or random character strings and longer (therefore less hackable). Many sites/applications allow you to use special characters, punctuation, and even spaces. Switch a few letters for characters and use both upper and lower case for the best passphrase, so you could have a passphrase like this (but don't use this one!):

I ne3d a rea1ly b!g coff3e n0w!

Unique Passphrases

Use a different, unique passphrase for each program/application. By doing this - if one of your passphrases is compromised, your other accounts will be still secure. 

Changing Passphrases

Plan to change your passphrases every 3-6 months. Learn how to change your NetID passphrase.

Managing Passphrases

Overwhelmed by the thought of needing separate passphrases for all your accounts AND needing to change them regularly? Consider using a password manager, such as LastPass, which Stony Brook offers free to all students and staff.

Password Privacy

  • Do not share your passphrases - this includes sharing passphrases via text message, phone call, email, and online form. 
  • Try to avoid writing passphrases down - passphrases should never be stored in a document on your computer; if you must write down a new passphrase, write it down and carry it with you (and be sure to destroy the paper once you've memorized it)

Keep your passphrases private and do not share them. Know that DoIT will NEVER ask for your passphrase through email nor over the phone, and you should never submit your passphrase in a email/web form. Learn more about Phishing Scams.   

If you receive an email that is suspicious but inadvertently fill out a form or click on a link, contact Customer Engagement & Support and change your NetID passphrase immediately.

View previously recorded training or request training on this!

Additional Information

There are no additional resources available for this article.

Provide Feedback

Your feedback is important to us, help us by logging in to rate this article and provide feedback.

Sign in with NetID

Getting Help

The Division of Information Technology provides support on all of our services. If you require assistance please submit a support ticket through the IT Service Management system.

Submit A Quick Ticket

Supported By

Customer Engagement and Support