Cyber Security: Passphrases and Passwords

This KB Article References: NetID
This Information is Intended for: Instructors, Staff, Students
Created: 07/20/2016 Last Updated: 05/01/2024

What is a passphrase? 

A passphrase is an easier-to-remember password that is longer and therefore stronger. 

Password length is the factor that most directly determines password strength. A longer passphrase made of simple components is therefore more effective than a shorter, highly complex password that is hard to remember.

Using spaces in your passphrase adds complexity while making it easier to remember; a space counts as a special character, just like !@#$%^&*().

Examples:

  • Pizza123 - A very weak password
  • I ate two slices of pizza - Better
  • I ate 2 slices of p1zz4! - Best
Passphrase/Password Complexity

Use passphrases of 16+ characters, and avoid sequential numbers/letters and dictionary words.

Passphrases are easier to remember than traditional passwords or random character strings, and they are longer (and therefore harder to crack). Many sites and applications allow special characters, punctuation, and even spaces. For the strongest passphrase, swap a few letters for other characters and mix upper and lower case, giving something like this (but don't use this one!):

I ne3d a rea1ly b!g coff3e n0w!
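The length, sequential-character and dictionary-word rules stated above, checked in Python against the three example passwords from the first section. This is an added example, not part of the original article; MIN_LENGTH, the COMMON_WORDS sample list and the function names are assumptions for illustration.

```python
import re
from typing import List

# Thresholds follow the article's guidance (16+ characters, no sequential
# numbers/letters, no dictionary words). The word list is a small constructed
# sample standing in for a real dictionary or breached-password list.
MIN_LENGTH = 16
COMMON_WORDS = {"pizza", "password", "coffee", "welcome", "summer", "letmein"}


def has_sequential_run(s: str, run_len: int = 3) -> bool:
    """True if s contains run_len adjacent characters that step by exactly +1
    or -1 in code point (e.g. '123', 'abc', 'cba'); compared case-insensitively."""
    t = s.lower()
    for i in range(len(t) - run_len + 1):
        chunk = t[i:i + run_len]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def is_dictionary_variant(s: str) -> bool:
    """True if removing digits and symbols leaves a single common word, which
    catches 'Pizza123'-style passwords that a dictionary attack tries early."""
    letters = re.sub(r"[^a-z]", "", s.lower())
    return letters in COMMON_WORDS


def check_passphrase(p: str) -> List[str]:
    """Return the list of rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(p) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters ({len(p)})")
    if has_sequential_run(p):
        problems.append("contains a sequential run such as 123 or abc")
    if is_dictionary_variant(p):
        problems.append("is a dictionary word with digits/symbols added")
    return problems


if __name__ == "__main__":
    # The article's own examples, weakest to strongest.
    for candidate in ("Pizza123", "I ate two slices of pizza", "I ate 2 slices of p1zz4!"):
        verdict = check_passphrase(candidate) or ["passes all checks"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

A real deployment would back COMMON_WORDS with a full dictionary or breached-password list rather than the six-word sample used here.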

Unique Passphrases

Use a different, unique passphrase for each program or application. That way, if one of your passphrases is compromised, your other accounts remain secure.

Changing Passphrases

Plan to change your passphrases every 3-6 months. Learn how to change your NetID passphrase.

Managing Passphrases

Overwhelmed by the thought of needing separate passphrases for all your accounts AND needing to change them regularly? Consider using a password manager, such as LastPass, which Stony Brook offers free to all students and staff.

Password Privacy

  • Do not share your passphrases - this includes sharing them by text message, phone call, email, or online form.
  • Try to avoid writing passphrases down - passphrases should never be stored in a document on your computer; if you must write down a new passphrase, carry the note with you and destroy it once you have memorized the passphrase.

Keep your passphrases private and do not share them. DoIT will NEVER ask for your passphrase by email or over the phone, and you should never submit your passphrase in an email or web form. Learn more about Phishing Scams.

If you receive a suspicious email and inadvertently fill out a form or click a link, contact Customer Engagement & Support and change your NetID passphrase immediately.

Supported By

Customer Engagement and Support