Passphrase Requirements & Guidelines

A strong password is crucial to securing your account and data, but it should also be memorable and easy to enter. That's why we use a passphrase approach to securing our accounts. This page provides tips, guidelines and best practices to use when creating a strong and memorable passphrase.

If you are a new student logging in for the first time, skip to the Creating a new passphrase section.

 

 


Creating a new passphrase

When you log into your account for the first time or change or reset your passphrase, your new passphrase needs to meet the following requirements. This will change the passphrase you use to log into all CCAD systems—Moodle, Self Service, campus Wi-Fi, wireless printing, the faculty and staff portal, etc.

  • At least 16 characters long (though 20 or longer is recommended)

  • There is no complexity requirement, so you don’t have to use different types of characters such as numbers and special characters (@#$%^&*.,?)

  • Certain words are restricted from use in passphrases, including CCAD-specific terms and building names, local geography, seasons, sports teams, and recent years (e.g., ccad, crane, 2020, spring, buckeyes)

  • Long story short, create a sufficiently long and easy to remember passphrase using a string of words. You can use the first letter of each word as an acronym to help you remember it. For example,
    R-E-A-D-Y: remembereveryauntdecidedyellow

Got questions?

What’s the difference between a password and a passphrase?

A passphrase is a sentence-like string of characters that is longer than a traditional password.
Example passphrase: UndoubtedlyaDifficultOnetoCrack

Why not call it a password?

We’re trying to establish good habits when creating new passwords, so they are resistant to guessing or automated attacks that could result in your account being compromised or loss of data.

Why are we using a passphrase approach?

The term “passphrase” emphasizes the most important aspect of a password’s ability to protect your account: length. A 32-character passphrase with all lowercase letters is actually much more secure than a 10-character password that contains uppercase letters, numbers, and symbols. For an explanation of why this is true, check out this xkcd comic.

 

So how do I choose a strong, memorable passphrase?

A good start is to string together a list of words that will be easy for you to remember, as long as it doesn’t include one of the restricted words.

 

Secure, easy to remember

bigbuttonsonaminiaturecoat

1Password Strong Password Generator

Visit the 1Password Strong Password Generator to easily create and copy a randomized, sufficiently long and easy to remember passphrase.

 

Use the drop down to change Random Password to Memorable Password, and then click the Refresh Password Generator button in the middle until you find a passphrase that you like. Finally, click the Copy Secure Password button to copy it to your clipboard.

 

Note that you can control some variables about the generation scheme, such as capitalization at the start of words and length in words of the passphrase.

 

Additional resources

Wikipedia article on passphrases:
Passphrase

Wikipedia article on Diceware, an early method for creating randomized passphrases:
Diceware

ZDNet article about FBI passphrase recommendation:
https://www.zdnet.com/article/fbi-recommends-passphrases-over-password-complexity/