Goodbye NetID Passwords, Hello Passphrases!

In an effort to improve user account security, the Information Security Program Council (ISPC) has approved the use of passphrases for NetIDs.

By: Richard von Rauchhaupt
Last Updated: February 13, 2018

What is a passphrase?
A passphrase is a strong type of password. The primary difference between a passphrase and password is length. A password is usually a single word, while a passphrase is typically a sentence with a mixture of characters (letters, #’s and symbols). Cybersecurity experts agree that the longer a password is, the stronger it is.

Passphrase Example (Do not use): “I need a really b1g coffee n0w!”

You can read all about passphrases and how to secure your accounts by reviewing this Ouch! Newsletter and the additional guidance provided at cybersecurity.stonybrook.edu.

Why are we moving to passphrases?
Malicious hackers target accounts with weak passwords. Last year, approximately 81% of hacking-related breaches leveraged either stolen and/or weak passwords (*Verizon DBIR 2017 Report). A passphrase improves account security -- and, as an added bonus, most people find passphrases easier to remember.

Do I have to change my NetID password to a passphrase?
At this time, password changes are not mandatory. Existing NetID passwords will not be affected in any way. However, effective March 5th, 2018, new accounts will be required to use a passphrase, and anyone who resets their password will be also be required to use a passphrase.

Will my current NetID password or any other account, such as my Stony Brook Medicine login, be affected on this date?
No, they will not be affected on March 5th.

Should I voluntarily change my NetID password to a passphrase?
Yes, yes, yes! Every individual who switches to a passphrase helps strengthen the security of Stony Brook University’s computing environment.

Should I convert other accounts, in addition to my NetID, to use a passphrase?

Absolutely. Passphrases can be used for personal accounts, as well as other Stony Brook accounts. Use a passphrase whenever possible -- but be sure never to reuse the same passphrase across different sites.

How can I change my NetID to use a passphrase?

You can change your password to a passphrase in the same way you would normally reset your password via SOLAR (Security and Personal Data → NetID Maintenance).

For More Information Contact


Customer Engagement and Support