October is Cyber Security Awareness Month and we'll be sharing a cyber safe tip each week. This week, we focus on passphrases.
What is a passphrase?
Passphrases are the new, improved, more secure version of passwords.
Passphrases are made up of a sequence of random words or other text making them longer than a traditional password. This makes them harder to guess but easy to remember.
Changing your passwords to a passphrase is a great way to improve your cyber security.
Before you try out passphrases, have you set up MFA?
Multi-factor authentication (MFA) is an effective way to protect your accounts against unauthorised access. MFA is a security measure that requires two or more proofs of identity to grant you access. MFA typically requires a combination of something the user knows (pin, secret question), something you have (card, token) or something unique to yourself (fingerprint or other biometric). However, where multi-factor authentication is not available, a strong passphrase is your best defence.
ACU staff have benefited from increased cyber security via MFA since 2020 and this will soon be rolled out to students.
Choosing a passphrase
When you choose your passphrase, make sure it is:
- long - the longer your passphrase, the better
- make it at least 14 characters in length. For example, ‘Crystal Onion Clay Pretzel!’ and try to substitute characters (e=3), CrystalOnionClayPr3tz3l!
- easy to remember
- unpredictable - the less predictable your passphrase, the better
- a good passphrase is made up of a random mix of unrelated words
- try not to use famous phrases, quotation or lyrics
- a combination of uppercase letters, lowercase letters, numbers, and symbols
- don’t use a name of a person, character, product, or organization
- unique - don’t recycle or reuse your passphrases.
Secure your passphrase
Once you have created a strong passphrase, keep it secure:
- don’t share a passphrase with anyone, including a friend, another member of staff or a family member
- never send a passphrase by email, instant message, or any other means of communication
- use a unique passphrase for each account or website. If someone steals your account information from one site, they'll try to use those credentials on hundreds of other well-known websites, such as banking, social media, or online shopping, hoping you've reused the passphrase elsewhere.
- you may choose to keep track of your passphrases in a notebook but never leave password or passphrases on your desk or near your computer.
Want more information?