Cyber Security Awareness Month

October is Cyber Security Awareness Month and we'll be sharing a cyber safe tip each week. This week, we focus on passphrases.

What is a passphrase?

Passphrases are the new, improved, more secure version of passwords.

Passphrases are made up of a sequence of random words or other text making them longer than a traditional password. This makes them harder to guess but easy to remember.

Changing your passwords to a passphrase is a great way to improve your cyber security.

Before you try out passphrases, have you set up MFA?

Multi-factor authentication (MFA) is an effective way to protect your accounts against unauthorised access. MFA is a security measure that requires two or more proofs of identity to grant you access. MFA typically requires a combination of something the user knows (pin, secret question), something you have (card, token) or something unique to yourself (fingerprint or other biometric). However, where multi-factor authentication is not available, a strong passphrase is your best defence.

ACU staff have benefited from increased cyber security via MFA since 2020 and this will soon be rolled out to students.

Choosing a passphrase

When you choose your passphrase, make sure it is:

• long - the longer your passphrase, the better
  
  • make it at least 14 characters in length. For example, ‘Crystal Onion Clay Pretzel!’ and try to substitute characters (e=3), CrystalOnionClayPr3tz3l!
  • easy to remember
• unpredictable - the less predictable your passphrase, the better
  
  • a good passphrase is made up of a random mix of unrelated words
  • try not to use famous phrases, quotation or lyrics
  • a combination of uppercase letters, lowercase letters, numbers, and symbols
  • don’t use a name of a person, character, product, or organization
• unique - don’t recycle or reuse your passphrases.

Secure your passphrase

Once you have created a strong passphrase, keep it secure:

• don’t share a passphrase with anyone, including a friend, another member of staff or a family member
• never send a passphrase by email, instant message, or any other means of communication
• use a unique passphrase for each account or website. If someone steals your account information from one site, they'll try to use those credentials on hundreds of other well-known websites, such as banking, social media, or online shopping, hoping you've reused the passphrase elsewhere.
• you may choose to keep track of your passphrases in a notebook but never leave password or passphrases on your desk or near your computer.

Want more information?

• Join the Cyber Security group on Workplace for more up-to-date cyber security info
• Check out the Australian Cyber Security Centre resources
• Set secure passphrases at cyber.gov.au