Passphrase Requirements & Guidelines

As part of our continued effort to keep your CCAD account and data safe, we have adopted a passphrase approach to securing our accounts. This page provides tips, guidelines and best practices to use when selecting a strong and memorable passphrase.

 

 


New passphrase guidelines

As of June 23, 2021, when your passphrase is changed or reset, the new passphrase needs to meet the following requirements. Existing passwords will not be changed at this time.

  • At least 14 characters long (though 16 or longer is recommended)

  • There is no longer a complexity requirement, so you don’t have to use different types of characters such as numbers and special characters (@#$%^&*.,?)

  • Certain words are restricted from use in passphrases, including CCAD-specific terms and building names, local geography, seasons, sports teams, and recent years (e.g., ccad, crane, 2020, spring buckeyes)

  • Long story short, create a sufficiently long and easy to remember passphrase using a string of words. You can use the first letter of each word as an acronym to help you remember it. For example,
    R-E-A-D-Y: remembereveryauntdecidedyellow

Got questions?

What’s the difference between a password and a passphrase?

A passphrase is a sentence-like string of characters that is longer than a traditional password.
Example passphrase: UndoubtedlyaDifficultOnetoCrack

Why not call it a password?

We’re trying to establish good habits when creating new passwords, so they are resistant to guessing or automated attacks that could result in your account being compromised or loss of data.

Why are we using a passphrase approach?

The term “passphrase” emphasizes the most important aspect of a password’s ability to protect your account: length. A 32-character password with all lowercase letters is actually much more secure than a 10-character password that contains uppercase letters, numbers, and symbols. For an explanation of why this is true, check out this informative xkcd comic.

 

So how do I choose a strong, memorable passphrase?

A good start is to string together a list of words that will be easy for you to remember, as long as it doesn’t include one of the restricted words.

 

Secure, easy to remember

bigbuttonsonaminiaturecoat

Not secure, hard to remember

!nsPir@t10N

1Password Strong Password Generator

Visit the 1Password Strong Password Generator to easily create and copy a randomized, sufficiently long and easy to remember passphrase.

 

Use the drop down to change Random Password to Memorable Password, and then click the Refresh Password Generator button in the middle until you find a passphrase that you like. Finally, click the Copy Secure Password button to copy it to your clipboard.

 

Note that you can control some variables about the generation scheme, such as capitalization at the start of words and length in words of the passphrase.

 

Additional resources

Wikipedia article on passphrases:
https://en.wikipedia.org/wiki/Passphrase

Wikipedia article on Diceware, an early method for creating randomized passphrases:
https://en.wikipedia.org/wiki/Diceware

ZDNet article about FBI passphrase recommendation:
https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/