1. Think of a Passphrase
The recommendations for creating a passphrase are as follows:
- Minimum length of 14 characters
- Maximum length of 32 characters
- Composed of 4 or more dictionary words*
- It should be memorable but hard to guess
- It should not be a single long dictionary word or numeric sequence
- It should not contain any personal information
*If you prefer to use a password manager, a passphrase using 14 random characters is still a suitable choice.
An example of a passphrase using the requirements above might be fuzzy-peanuts-and-shiny-purses. Spaces or dashes are optional.
2. Gather your devices
Have all of your devices that have a University Sign In (i.e. smart phone with email setup, iPad or tablet with eduroam etc) with you and ready to update.
3. Change to a Passphrase
- Click on the Change your password link here
- If prompted, Sign in with your University email address and click the Next button to continue
- Enter your current password and click the Sign in button to continue
- Enter your Old password and your new password then click the Submit button to change your password
- You will need to update your devices as mentioned in step 2 with your new Passphrase.
4. Restart your devices
Once you have updated your devices with your new Passphrase, please restart them.
Please contact the Service Desk on (03) 6226 2600 if any assistance is required.
What is a Passphrase?
A passphrase is essentially the same as a password. It is a secret only you should know that allows you to identify yourself as the owner of your account.
The technology hasn't changed, and you'll still find it referred to as a password in many systems. However, where it differs is the parts that comprise it, and the degree of security it provides.
The average password is usually just a single word with some numbers, capital letters, or special characters thrown in. For a long time, that has been the recommendation - a minimum of 8 characters, with at least one upper case letter, one number, and one special character.
Historically that would have been enough to keep you secure. However, as computers become quicker, and tools used for cracking passwords become better, those old recommendations are falling short, to the extent that many passwords can be cracked within just a few seconds in an offline brute force attack. Changing to a longer passphrase will increase your account security.
The secondary benefit is memorability. A similarly secure password for the passphrase "fuzzypeanutsandshinypurses" (which would take around 35 centuries to crack!) can be constructed using the guidelines for a traditional password. However, it would end up looking something like "59AcU%i*D", which is a lot more challenging to remember.
And as a final benefit, when coupled with multi-factor authentication, it allows us to remove password expiry, So, while you may have to spend a little longer typing in your new passphrase, you will no longer have to update your password every 90 days.
For more information on passphrases, how password cracking works, and to test out the resilience of some passphrases for yourself, please head over to https://www.useapassphrase.com.
