Tips for creating secure passwords/passphrases

To protect Vol State information resources, faculty and staff are required to change their Vol State passwords every 90 days.

Passwords must be a minimum of 8 characters and MUST NOT contain ANY part of your name, username or V number.

Passwords must contain characters from at least three of the following four categories:

  • English uppercase alphabet characters (A-Z)
  • English lowercase alphabet characters (a-z)
  • Base 10 digits (0-9)
  • Non-alphanumeric characters: !*-/:?

NOTE: The following characters cannot be used: @ $ & " ( ) ' ; = # or a blank space

In addition to these requirements, passwords/passphrases should never be shared, written down, or e-mailed to others. Users cannot reuse any of their previous ten passwords. 
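
The composition rules above can be checked mechanically. The following is an added example, not Vol State's own code: it assumes that "any part" of a name, username or V number means any run of three or more consecutive characters, that any non-alphanumeric character not on the forbidden list counts toward the fourth category, and it uses a constructed sample user.

```python
import string

# Characters the policy above says cannot be used (including a blank space).
FORBIDDEN = set('@$&"()\';=# ')
MIN_LENGTH = 8
# Assumption: "any part" of a name, username or V number means any run of
# 3 or more consecutive characters, compared case-insensitively.
MIN_FRAGMENT = 3


def identity_fragments(identifiers, n=MIN_FRAGMENT):
    """Return every lowercase n-character substring of each identifier."""
    frags = set()
    for ident in identifiers:
        s = ident.lower()
        frags.update(s[i:i + n] for i in range(len(s) - n + 1))
    return frags


def check_password(password, identifiers):
    """Return the list of violated rules; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    bad = sorted(set(password) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + "".join(bad))
    categories = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        # Assumption: any non-alphanumeric character that is not on the
        # forbidden list counts, not only the six the page lists.
        any(not c.isalnum() and c not in FORBIDDEN for c in password),
    ]
    if sum(categories) < 3:
        problems.append("fewer than three character categories")
    lowered = password.lower()
    if any(f in lowered for f in identity_fragments(identifiers)):
        problems.append("contains part of name, username or V number")
    return problems


# Constructed sample user, not a real account.
SAMPLE_IDS = ["Jane", "Doe", "jdoe1", "V00123456"]

if __name__ == "__main__":
    for pw in ["Falcon-field-7", "blenderventpendantredchair",
               "JkLp20*&QX2z!", "Jdoe1-Rice9"]:
        print(pw, "->", check_password(pw, SAMPLE_IDS) or "ok")
```

Under these rules an all-lowercase passphrase is rejected for using only one character category, so a passphrase needs a capital letter, digit or allowed symbol added to at least two of its words or separators.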

What is a passphrase?

A passphrase is a password. We’ve all been told to create passwords with upper and lower case letters, numbers and special characters: JkLp20*&QX2z! The problem? That’s hard to remember, and not so hard for a cybercriminal wielding a password cracker to crack.

The National Institute of Standards and Technology (NIST) recommends using a passphrase. Their recommendation is based on the research findings from Carnegie Mellon’s Lorrie Faith Cranor. Watch her TED Talk - "iloveyou password 123456."

A passphrase is a long combination of words that is hard to guess, but easy for you to remember. The idea is to put words together based on how you associate meaning from the words. 

Tips for creating a good passphrase

This article, posted on the NIST website, is worth reading: https://www.nist.gov/blogs/taking-measure/easy-ways-build-better-pw0rd

Please Note: All examples below are written without spaces, just as you would enter a password.

Create a passphrase by putting together words that go together in your mind, based on the way that you think and make associations between objects, people, rooms in your house, etc.

The above referenced NIST article tells us to create a passphrase from a picture in our head. The author says that while sitting in his dining room chair, he sees elements of his kitchen: “blenderventpendantredchair.” This is easy for him to remember because the elements are listed in the order they appear as he looks around the room. A hacker would not know that.

  • Maybe you’re a bird watcher: falconfieldflyrat
  • Maybe you like rice: ricewaterplumproundpan.
  • Maybe you have a vase from your great grandmother: vasegrannyheirloomgreen
  • Maybe your child will go to college next year: savingstaxescollegeexemption, or, awaycreditcardheadache, or, something that you think about when you think about your child going to college.

What's important?

  1. Passphrase length: make your passphrase at least 15 characters long.
  2. Passphrase idiosyncrasy: make it unique to your thinking and not a popular phrase like “Who’s on First?”
  3. Create a unique passphrase for each account you own.
  4. Creating a passphrase/password is only one part of staying secure, and keeping your information safe.

What to avoid?

The temptation to use loved ones' names, birthdays and anniversaries is great. But "easy to remember" can also become "easy to guess." And, in a world where hackers use sophisticated software to crack passwords, an easy password is an open invitation. The challenge is to create something that is memorable for you but tough for others to decipher.

  • Don’t use your phone number, address, birthday, or other private information in your passphrase. Stay away from phrases that start with “I love…,” or “I hate….” Don’t use popular sentences like:
    • Fourscoreandsevenyearsago… (Gettysburg Address)
    • Thisdaywillliveininfamy. (Pearl Harbor Address)
    • I’mthenewSinatraandsinceImadeithere… (Jay Z)
    • MaysTiantBondsVaughnClemens (Major League Baseball Greats)
    • JackJillJoeJane (the names of your four children, for instance)
  • Never use the same password for more than one account.
  • Don’t use keyboard patterns like QWERTY or 54321.
  • Never share your password with anyone, in any form. Never.
  • Never believe that a strong passphrase is the only thing you need to be secure online. Read more about your role in Information Security.

Protect yourself at all times.

Details

Article ID: 62727
Created: Thu 9/20/18 5:01 PM
Modified: Wed 6/21/23 3:45 PM
