OIT Tech 32px
OHIO Information Technology

Select, Protect and Maintain Strong Passphrases

Don't make it easy for intruders to gain access to your system. Select passphrases that are hard for others to guess, but easy for you to remember.

Difference Between Passwords and Passphrases

Passwords are single words, whereas passphrases are entire phrases or sentences. Passphrases are generally safer because they are much longer than passwords, making it more difficult for hackers to guess. Passphrases must still vary in uppercase and lowercase letters, numbers and punctuation marks.

Selecting Your Passphrase  

  • Make it at least 8 characters long; the longer, the better.
  • Use a mixture of uppercase and lowercase letters, numbers and punctuation marks.
  • Avoid using personal data, including social security number, initials, birthdays, family names, anniversaries, etc.

Protecting Your Passphrase

  • Do not share your passphrases with friends, colleagues, or employers.
  • Do not write down your passphrases. The best place to store your passphrase is in your head.
  • Use separate passphrases for each system, especially when dealing with non-university providers. (For example, if you use eBay, don't make your eBay passphrase the same as your Catmail passphrase.)
  • Only log into your accounts on trusted computers. Public computers may be infected with malicious codes, which can steal your passwords.

Change Your Passphrase Regularly

The Security Office recommends changing your passphrase every 30 days. If your username and passphrase have been compromised, this can stop the unauthorized access to your accounts.

NOTE: It is important to require a startup passphrase when your computer turns on. Although automatic log-ins are convenient, it gives anyone easy access to your computer.